ThreatFox IOCs for 2025-12-21
AI Analysis
Technical Summary
This entry from ThreatFox represents a set of Indicators of Compromise (IOCs) related to malware activities, specifically focusing on OSINT (Open Source Intelligence) and network activity associated with payload delivery. The data was published on December 21, 2025, and is sourced from the ThreatFox MISP feed, a platform known for sharing threat intelligence. The threat is categorized under OSINT and network activity, indicating that it involves reconnaissance or information gathering techniques possibly used to facilitate malware payload delivery. However, no specific affected software versions or products are identified, and no patches or known exploits are currently available, suggesting this is an intelligence report rather than a description of an active exploit. The technical details indicate a threat level of 2 (on an unspecified scale) and a distribution rating of 3, implying moderate spread or dissemination potential. The absence of concrete indicators or detailed technical analysis limits the ability to fully characterize the threat's mechanisms or targets. The medium severity rating reflects a balanced view of potential risk without evidence of active exploitation or critical vulnerabilities. This intelligence is valuable for security teams to update detection signatures and monitor for related activity but does not represent an immediate operational threat.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the lack of specific exploit details or active attacks. The primary risk lies in potential reconnaissance and information gathering activities that could precede more targeted malware campaigns. Organizations relying heavily on OSINT tools or those with critical infrastructure that could be targeted by payload delivery mechanisms should be aware of these IOCs to enhance their detection capabilities. If these IOCs are integrated into threat detection systems, they can improve early warning and incident response. However, without active exploitation or known vulnerabilities, the immediate operational impact remains low to moderate. The threat could serve as a precursor to more sophisticated attacks, so maintaining situational awareness and readiness is important. Overall, the impact is primarily on the confidentiality and integrity of information if reconnaissance leads to successful payload delivery in the future.
Mitigation Recommendations
European organizations should incorporate the provided IOCs into their existing security monitoring and threat intelligence platforms to enhance detection of related network activity. Strengthening OSINT capabilities and ensuring continuous monitoring of network traffic for unusual payload delivery attempts can help identify early signs of compromise. Organizations should also conduct regular threat hunting exercises using these IOCs to proactively detect potential intrusions. Updating firewall and intrusion detection/prevention system (IDS/IPS) rules to flag suspicious network behaviors associated with these indicators is recommended. Since no patches or direct exploits are identified, focus should be on improving visibility and response readiness rather than patch management. Collaboration with national cybersecurity centers and sharing intelligence within trusted communities can improve collective defense. Training security analysts to recognize patterns related to OSINT-driven reconnaissance and payload delivery tactics will further enhance mitigation efforts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- file: 45.93.20.134
- hash: 80
- domain: koz1.in.net
- url: http://160.250.132.50/ohshit.sh
- domain: convergepay.co.com
- domain: southstateonline.co.com
- domain: saferpay.co.com
- domain: spendesk.co.com
- domain: carterfcu.co.com
- domain: flagstarbank.co.com
- domain: tivimate.co.com
- domain: app-slash.co.com
- domain: fleetone.co.com
- domain: tronskan.co.com
- domain: skinbaaron.com
- domain: skinbaron.co.com
- domain: firstcitizensonline.co.com
- domain: websterbank.co.com
- domain: achievacredit.co.com
- domain: synovusbank.co.com
- domain: bannerbank.co.com
- domain: ephratanational.co.com
- domain: numericacredit.co.com
- domain: renasantbank.co.com
- domain: commercebank.co.com
- domain: comericawebbanking.co.com
- domain: amerisbank.co.com
- domain: vacuonline.co.com
- domain: psecumember.co.com
- domain: fusebox-elavon.co.com
- url: http://43.103.44.66:8888/supershell/login/
- domain: horizon-united-cherry.com
- file: 191.96.78.196
- hash: 2404
- file: 110.172.104.140
- hash: 443
- file: 202.155.11.205
- hash: 7443
- file: 91.108.27.135
- hash: 4782
- file: 102.98.77.193
- hash: 443
- file: 140.99.83.234
- hash: 23
- file: 85.9.202.108
- hash: 443
- file: 139.199.160.80
- hash: 31539
- file: 123.156.62.67
- hash: 3790
- file: 45.79.216.201
- hash: 80
- domain: bridge.sunf0rest.ru
- domain: stone.datap1xel.ru
- domain: ai.datap1xel.ru
- url: http://verify-captcha.sbs:3000/
- file: 83.217.209.224
- hash: 3000
- url: http://www.msk-captcha.cfd:3000/
- domain: q8jd.datap1xel.ru
- domain: akk.datap1xel.ru
- domain: 6zir.bluel1ght.ru
- url: http://38.148.242.220:8888/supershell/login/
- domain: h20.bluel1ght.ru
- domain: 5zp7i.bluel1ght.ru
- domain: gd7k1.bluel1ght.ru
- domain: mingle.gritpillow.ru
- domain: fern.gritpillow.ru
- domain: 81nm8.gritpillow.ru
- domain: ed0c6.gritpillow.ru
- domain: delta.sn1rlpatch.ru
- domain: shift.sn1rlpatch.ru
- domain: shadow.sn1rlpatch.ru
- domain: 3ji4a.sn1rlpatch.ru
- domain: c1.yourbigbro.shop
- file: 120.232.59.55
- hash: 63201
- file: 168.107.35.93
- hash: 8443
- domain: 56.quarkspoon.ru
- domain: ember.quarkspoon.ru
- domain: 1sx.quarkspoon.ru
- domain: w45p.quarkspoon.ru
- domain: quark.sn-1-rlpatch.ru
- domain: knob.sn-1-rlpatch.ru
- domain: 9lp0.sn-1-rlpatch.ru
- domain: e2etestsworker.localhost
- file: 110.172.104.140
- hash: 2404
- file: 45.61.140.137
- hash: 29972
- file: 77.3.173.158
- hash: 7443
- file: 52.184.27.75
- hash: 8443
- file: 103.177.47.107
- hash: 3790
- file: 98.89.37.138
- hash: 25783
- file: 35.95.13.51
- hash: 2000
- file: 171.6.121.184
- hash: 81
- file: 112.220.72.117
- hash: 443
- domain: grit.sn-1-rlpatch.ru
- domain: domain1.sa.com
- domain: snarl.quark-spoon.ru
- domain: 8a.quark-spoon.ru
- domain: g8xs.quark-spoon.ru
- domain: 16s.quark-spoon.ru
- domain: azcw.v0xencrate.ru
- domain: coil.v0xencrate.ru
- domain: fizz.v0xencrate.ru
- domain: gamma.v0xencrate.ru
- domain: wa.grit-pillow.ru
- domain: klpjx.grit-pillow.ru
- domain: bracket.grit-pillow.ru
- domain: psh09.grit-pillow.ru
- domain: alpha.ambercoil.ru
- domain: omega.ambercoil.ru
- domain: vixen.ambercoil.ru
- domain: 8ux.ambercoil.ru
- domain: nova.amber-coil.ru
- domain: torch.amber-coil.ru
- domain: qt.amber-coil.ru
- file: 45.153.34.176
- hash: 3778
- domain: nxu6.amber-coil.ru
- domain: crackle.fl1ntrelay.ru
- domain: warp.fl1ntrelay.ru
- domain: 0k.fl1ntrelay.ru
- domain: tvgiv.fl1ntrelay.ru
- file: 147.45.179.12
- hash: 32091
- file: 172.111.150.201
- hash: 3872
- file: 64.23.146.248
- hash: 31337
- file: 34.55.154.62
- hash: 8808
- file: 104.238.144.80
- hash: 7443
- file: 103.177.47.62
- hash: 3790
- file: 196.75.111.80
- hash: 2222
- file: 103.177.47.171
- hash: 3790
- domain: do.t0rchmingle.ru
- domain: jap7.t0rchmingle.ru
- domain: he.t0rchmingle.ru
- domain: 2to.t0rchmingle.ru
- file: 141.95.59.236
- hash: 1338
- domain: a9.j1ngleknob.ru
- file: 116.26.10.136
- hash: 36086
- file: 52.18.226.248
- hash: 443
- file: 52.18.239.4
- hash: 443
- file: 62.60.177.94
- hash: 8888
- file: 75.109.113.50
- hash: 8080
- domain: odd.j1ngleknob.ru
- domain: 3ek56.j1ngleknob.ru
- domain: b3g3.j1ngleknob.ru
- domain: nm1.hollow-fizz.ru
- domain: patchwork.hollow-fizz.ru
- domain: beta.hollow-fizz.ru
- domain: xze.hollow-fizz.ru
- domain: 8udp8.j-1-ngleknob.ru
- domain: yf2i.j-1-ngleknob.ru
- domain: spark.j-1-ngleknob.ru
- domain: crate.j-1-ngleknob.ru
- domain: glitch.hollowfizz.ru
- domain: jingle.hollowfizz.ru
- domain: weird.hollowfizz.ru
- file: 45.121.51.26
- hash: 80
- file: 1.12.233.147
- hash: 8001
- file: 107.172.31.101
- hash: 80
- file: 162.243.28.13
- hash: 7077
- file: 43.133.78.252
- hash: 7443
- file: 217.60.6.170
- hash: 7443
- file: 194.169.163.140
- hash: 7777
- file: 5.223.60.142
- hash: 60000
- file: 159.89.22.242
- hash: 3333
- file: 168.119.214.202
- hash: 810
- file: 146.190.55.237
- hash: 3333
- domain: km.hollowfizz.ru
- domain: 832ez.fl-1-ntrelay.ru
- domain: 8o9r.fl-1-ntrelay.ru
- domain: trace.fl-1-ntrelay.ru
- domain: 507.fl-1-ntrelay.ru
- domain: cc.bracketfern.ru
- domain: scd.bracketfern.ru
- file: 89.32.41.193
- hash: 80
- domain: danaloids-38924.portmap.host
- domain: maaahao.vip
- domain: rblfh.bracketfern.ru
- file: 34.142.254.254
- hash: 1024
- domain: py9.bracketfern.ru
- domain: 10.bracket-fern.ru
- domain: kurol.io
- domain: oi.bracket-fern.ru
- file: 104.244.76.93
- hash: 1454
- domain: jgdjo.bracket-fern.ru
- domain: 6i.bracket-fern.ru
- domain: s5ni.frei1r2tions.ru
- domain: gu.frei1r2tions.ru
- domain: pixel.frei1r2tions.ru
- domain: 9o.frei1r2tions.ru
- domain: i40.f1atte5tudies.ru
- domain: cloud.f1atte5tudies.ru
- domain: shadow.f1atte5tudies.ru
- domain: guard.f1atte5tudies.ru
- domain: 5of.ki7kar0und.ru
- domain: newapi-ffxg.onrender.com
- domain: jqgpu1.sp2ceba7tie.ru
- url: https://newapi-ffxg.onrender.com/api/send
- domain: i6kod8i.sp2ceba7tie.ru
- domain: peibxrv.sp2ceba7tie.ru
- domain: xyfkt0.sp2ceba7tie.ru
- domain: lpabx9f.ch2rredm0urn.ru
- domain: oqryhi.ch2rredm0urn.ru
- file: 152.136.247.9
- hash: 9999
- file: 154.36.165.102
- hash: 80
- file: 107.175.94.110
- hash: 80
- file: 47.94.208.110
- hash: 443
- domain: e09f4p3.d0nat1mpenet.ru
- domain: vzo9h.d0nat1mpenet.ru
- domain: ruev6.d0nat1mpenet.ru
- domain: mpen0d.d0nat1mpenet.ru
- domain: j29n0.d0nat1mpenet.ru
- file: 116.97.240.228
- hash: 6606
- domain: galciausuarios.shop
- domain: uxth9t.g2erharve5t.ru
- file: 54.174.121.164
- hash: 19287
- domain: zofe5k.g2erharve5t.ru
- domain: miqvut.g2erharve5t.ru
- file: 195.24.236.115
- hash: 8990
- domain: hadren.g2erharve5t.ru
- domain: pylc0x.g2erharve5t.ru
- domain: qjsbap.d0ubletr2ffic.ru
- domain: xurtev.d0ubletr2ffic.ru
- domain: lazf7o.d0ubletr2ffic.ru
- domain: qfegi1.d0ubletr2ffic.ru
- domain: hacgy.d0ubletr2ffic.ru
- file: 156.247.40.57
- hash: 6667
- domain: mmvzir.ha1fsovnarc0m.ru
- domain: fycgop.ha1fsovnarc0m.ru
- domain: hen0qt.ha1fsovnarc0m.ru
- domain: lyrbem.ha1fsovnarc0m.ru
- domain: pavqig.ha1fsovnarc0m.ru
- domain: bhgqaz.bed0kur5noop.ru
- url: http://taymurazwarclavow.space:8080/updater?for=e57cbc8db3cd6dfc22897bc02fee13d8
- domain: jsmufe.bed0kur5noop.ru
- domain: fytqon.bed0kur5noop.ru
- file: 113.240.86.19
- hash: 10250
- file: 185.29.11.117
- hash: 2404
- file: 195.20.17.49
- hash: 8888
- domain: qivk8o.bed0kur5noop.ru
- file: 62.60.177.94
- hash: 8443
- file: 106.250.166.45
- hash: 5709
- domain: naxul7.bed0kur5noop.ru
- file: 47.109.189.74
- hash: 80
- file: 212.192.15.225
- hash: 80
- file: 157.20.182.25
- hash: 4443
- file: 157.20.182.25
- hash: 4444
- file: 156.234.32.82
- hash: 3955
- file: 156.234.32.84
- hash: 3955
- file: 13.48.43.92
- hash: 7443
- file: 114.66.59.216
- hash: 4499
- file: 34.224.67.51
- hash: 1723
- domain: zvmdi3.fi7erup2ca.ru
- domain: rucgev.fi7erup2ca.ru
- domain: kdtriw.fi7erup2ca.ru
- domain: tqyhob.fi7erup2ca.ru
- file: 138.68.155.86
- hash: 5050
- domain: pnumtq.fi7erup2ca.ru
- domain: vqhrez.ki7kar0und.ru
- domain: czjot6.ki7kar0und.ru
- file: 193.32.190.177
- hash: 443
- domain: mykfeu.ki7kar0und.ru
- domain: flgqer.ki7kar0und.ru
- domain: wusgik.ki7kar0und.ru
- domain: uijy5p.f1atte5tudies.ru
- domain: qtrmew.f1atte5tudies.ru
- domain: xiwfut.f1atte5tudies.ru
- domain: bexiq9.f1atte5tudies.ru
- domain: hulsaf.f1atte5tudies.ru
- file: 125.227.20.205
- hash: 4279
- domain: iclw7k.frei1r2tions.ru
- file: 45.149.154.31
- hash: 4782
- domain: gsbqot.frei1r2tions.ru
- domain: pvnemi.frei1r2tions.ru
- domain: zuhxoq.frei1r2tions.ru
- file: 43.142.162.211
- hash: 7777
- domain: jafkim.frei1r2tions.ru
- file: 43.154.85.148
- hash: 6666
- file: 118.25.236.187
- hash: 6666
- file: 62.60.226.159
- hash: 27015
- url: http://62.60.226.159/xopbixc/data.php
- domain: xyrfom.stumbv1gil2nt.ru
- url: http://62.60.178.9/ce369e7324834845.php
- file: 62.60.178.9
- hash: 80
- domain: vutmeq.stumbv1gil2nt.ru
- domain: lbqhiw.stumbv1gil2nt.ru
- domain: qepzot.stumbv1gil2nt.ru
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: dcb03905-d144-4576-93c9-d81d4519d0e1
- Original Timestamp: 1766361786
Indicators of Compromise
File
| Value (IP address) | Description |
|---|---|
| 45.93.20.134 | Stealc botnet C2 server (confidence level: 100%) |
| 191.96.78.196 | Remcos botnet C2 server (confidence level: 100%) |
| 110.172.104.140 | Remcos botnet C2 server (confidence level: 100%) |
| 202.155.11.205 | Unknown malware botnet C2 server (confidence level: 100%) |
| 91.108.27.135 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 102.98.77.193 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 140.99.83.234 | Bashlite botnet C2 server (confidence level: 100%) |
| 85.9.202.108 | MimiKatz botnet C2 server (confidence level: 100%) |
| 139.199.160.80 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 123.156.62.67 | Meterpreter botnet C2 server (confidence level: 100%) |
| 45.79.216.201 | Unknown malware botnet C2 server (confidence level: 100%) |
| 83.217.209.224 | Unknown malware botnet C2 server (confidence level: 100%) |
| 120.232.59.55 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 168.107.35.93 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 110.172.104.140 | Remcos botnet C2 server (confidence level: 100%) |
| 45.61.140.137 | Sliver botnet C2 server (confidence level: 100%) |
| 77.3.173.158 | Unknown malware botnet C2 server (confidence level: 100%) |
| 52.184.27.75 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 103.177.47.107 | Meterpreter botnet C2 server (confidence level: 100%) |
| 98.89.37.138 | Meterpreter botnet C2 server (confidence level: 100%) |
| 35.95.13.51 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 171.6.121.184 | Unknown malware botnet C2 server (confidence level: 100%) |
| 112.220.72.117 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.153.34.176 | Mirai botnet C2 server (confidence level: 80%) |
| 147.45.179.12 | Remcos botnet C2 server (confidence level: 100%) |
| 172.111.150.201 | Remcos botnet C2 server (confidence level: 100%) |
| 64.23.146.248 | Sliver botnet C2 server (confidence level: 100%) |
| 34.55.154.62 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 104.238.144.80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.177.47.62 | Meterpreter botnet C2 server (confidence level: 100%) |
| 196.75.111.80 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.171 | Meterpreter botnet C2 server (confidence level: 100%) |
| 141.95.59.236 | Mirai botnet C2 server (confidence level: 100%) |
| 116.26.10.136 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 52.18.226.248 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 52.18.239.4 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 62.60.177.94 | Sliver botnet C2 server (confidence level: 75%) |
| 75.109.113.50 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 45.121.51.26 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1.12.233.147 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.172.31.101 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 162.243.28.13 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 43.133.78.252 | Unknown malware botnet C2 server (confidence level: 100%) |
| 217.60.6.170 | Unknown malware botnet C2 server (confidence level: 100%) |
| 194.169.163.140 | DCRat botnet C2 server (confidence level: 100%) |
| 5.223.60.142 | Unknown malware botnet C2 server (confidence level: 100%) |
| 159.89.22.242 | Unknown malware botnet C2 server (confidence level: 100%) |
| 168.119.214.202 | Unknown malware botnet C2 server (confidence level: 100%) |
| 146.190.55.237 | Unknown malware botnet C2 server (confidence level: 100%) |
| 89.32.41.193 | MooBot botnet C2 server (confidence level: 100%) |
| 34.142.254.254 | Mirai botnet C2 server (confidence level: 80%) |
| 104.244.76.93 | XMRIG botnet C2 server (confidence level: 100%) |
| 152.136.247.9 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.36.165.102 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.175.94.110 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.94.208.110 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 116.97.240.228 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 54.174.121.164 | Meterpreter botnet C2 server (confidence level: 100%) |
| 195.24.236.115 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 156.247.40.57 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 113.240.86.19 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 185.29.11.117 | Remcos botnet C2 server (confidence level: 75%) |
| 195.20.17.49 | Sliver botnet C2 server (confidence level: 75%) |
| 62.60.177.94 | Havoc botnet C2 server (confidence level: 75%) |
| 106.250.166.45 | RMS botnet C2 server (confidence level: 100%) |
| 47.109.189.74 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 212.192.15.225 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 157.20.182.25 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.25 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 156.234.32.82 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 156.234.32.84 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 13.48.43.92 | Unknown malware botnet C2 server (confidence level: 100%) |
| 114.66.59.216 | Venom RAT botnet C2 server (confidence level: 100%) |
| 34.224.67.51 | Meterpreter botnet C2 server (confidence level: 100%) |
| 138.68.155.86 | NjRAT botnet C2 server (confidence level: 100%) |
| 193.32.190.177 | Cobalt Strike botnet C2 server (confidence level: 90%) |
| 125.227.20.205 | RMS botnet C2 server (confidence level: 100%) |
| 45.149.154.31 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 43.142.162.211 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.154.85.148 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 118.25.236.187 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 62.60.226.159 | Unknown Stealer botnet C2 server (confidence level: 100%) |
| 62.60.178.9 | Stealc botnet C2 server (confidence level: 100%) |
Hash
| Value (port, paired in order with the IP addresses above) | Description |
|---|---|
| 80 | Stealc botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | Remcos botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 23 | Bashlite botnet C2 server (confidence level: 100%) |
| 443 | MimiKatz botnet C2 server (confidence level: 100%) |
| 31539 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 63201 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 8443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 29972 | Sliver botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8443 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 25783 | Meterpreter botnet C2 server (confidence level: 100%) |
| 2000 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 81 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3778 | Mirai botnet C2 server (confidence level: 80%) |
| 32091 | Remcos botnet C2 server (confidence level: 100%) |
| 3872 | Remcos botnet C2 server (confidence level: 100%) |
| 31337 | Sliver botnet C2 server (confidence level: 100%) |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 2222 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 1338 | Mirai botnet C2 server (confidence level: 100%) |
| 36086 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 8888 | Sliver botnet C2 server (confidence level: 75%) |
| 8080 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8001 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7077 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7777 | DCRat botnet C2 server (confidence level: 100%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 810 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | MooBot botnet C2 server (confidence level: 100%) |
| 1024 | Mirai botnet C2 server (confidence level: 80%) |
| 1454 | XMRIG botnet C2 server (confidence level: 100%) |
| 9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 19287 | Meterpreter botnet C2 server (confidence level: 100%) |
| 8990 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 6667 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 10250 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 2404 | Remcos botnet C2 server (confidence level: 75%) |
| 8888 | Sliver botnet C2 server (confidence level: 75%) |
| 8443 | Havoc botnet C2 server (confidence level: 75%) |
| 5709 | RMS botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 4443 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 4444 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 3955 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 3955 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 4499 | Venom RAT botnet C2 server (confidence level: 100%) |
| 1723 | Meterpreter botnet C2 server (confidence level: 100%) |
| 5050 | NjRAT botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 90%) |
| 4279 | RMS botnet C2 server (confidence level: 100%) |
| 4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 7777 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 27015 | Unknown Stealer botnet C2 server (confidence level: 100%) |
| 80 | Stealc botnet C2 server (confidence level: 100%) |
Domain
| Value (domain) | Description |
|---|---|
| koz1.in.net | AsyncRAT botnet C2 domain (confidence level: 100%) |
| convergepay.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| southstateonline.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| saferpay.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| spendesk.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| carterfcu.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| flagstarbank.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| tivimate.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| app-slash.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| fleetone.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| tronskan.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| skinbaaron.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| skinbaron.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| firstcitizensonline.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| websterbank.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| achievacredit.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| synovusbank.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| bannerbank.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| ephratanational.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| numericacredit.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| renasantbank.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| commercebank.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| comericawebbanking.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| amerisbank.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| vacuonline.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| psecumember.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| fusebox-elavon.co.com | Unknown malware botnet C2 domain (confidence level: 75%) |
| horizon-united-cherry.com | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| bridge.sunf0rest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| stone.datap1xel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ai.datap1xel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| q8jd.datap1xel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| akk.datap1xel.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 6zir.bluel1ght.ru | ClearFake payload delivery domain (confidence level: 100%) |
| h20.bluel1ght.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 5zp7i.bluel1ght.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gd7k1.bluel1ght.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mingle.gritpillow.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fern.gritpillow.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 81nm8.gritpillow.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ed0c6.gritpillow.ru | ClearFake payload delivery domain (confidence level: 100%) |
| delta.sn1rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| shift.sn1rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| shadow.sn1rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 3ji4a.sn1rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c1.yourbigbro.shop | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| 56.quarkspoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ember.quarkspoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1sx.quarkspoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| w45p.quarkspoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| quark.sn-1-rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| knob.sn-1-rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 9lp0.sn-1-rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| e2etestsworker.localhost | Cobalt Strike botnet C2 domain (confidence level: 50%) |
| grit.sn-1-rlpatch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| domain1.sa.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| snarl.quark-spoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 8a.quark-spoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| g8xs.quark-spoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 16s.quark-spoon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| azcw.v0xencrate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| coil.v0xencrate.ru | ClearFake payload delivery domain (confidence level: 100%) |
domainfizz.v0xencrate.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingamma.v0xencrate.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwa.grit-pillow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainklpjx.grit-pillow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbracket.grit-pillow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpsh09.grit-pillow.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainalpha.ambercoil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainomega.ambercoil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvixen.ambercoil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8ux.ambercoil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnova.amber-coil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintorch.amber-coil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqt.amber-coil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnxu6.amber-coil.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincrackle.fl1ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwarp.fl1ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain0k.fl1ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintvgiv.fl1ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindo.t0rchmingle.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjap7.t0rchmingle.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhe.t0rchmingle.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2to.t0rchmingle.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina9.j1ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainodd.j1ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3ek56.j1ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb3g3.j1ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnm1.hollow-fizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpatchwork.hollow-fizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbeta.hollow-fizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxze.hollow-fizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8udp8.j-1-ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyf2i.j-1-ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainspark.j-1-ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincrate.j-1-ngleknob.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainglitch.hollowfizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjingle.hollowfizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainweird.hollowfizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkm.hollowfizz.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain832ez.fl-1-ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8o9r.fl-1-ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrace.fl-1-ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain507.fl-1-ntrelay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincc.bracketfern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainscd.bracketfern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindanaloids-38924.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainmaaahao.vip | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domainrblfh.bracketfern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpy9.bracketfern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain10.bracket-fern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkurol.io | Mirai botnet C2 domain (confidence level: 100%) | |
domainoi.bracket-fern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjgdjo.bracket-fern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6i.bracket-fern.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains5ni.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingu.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpixel.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain9o.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaini40.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincloud.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshadow.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainguard.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain5of.ki7kar0und.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnewapi-ffxg.onrender.com | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainjqgpu1.sp2ceba7tie.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaini6kod8i.sp2ceba7tie.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpeibxrv.sp2ceba7tie.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxyfkt0.sp2ceba7tie.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlpabx9f.ch2rredm0urn.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainoqryhi.ch2rredm0urn.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine09f4p3.d0nat1mpenet.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvzo9h.d0nat1mpenet.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainruev6.d0nat1mpenet.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmpen0d.d0nat1mpenet.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainj29n0.d0nat1mpenet.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingalciausuarios.shop | Havoc botnet C2 domain (confidence level: 100%) | |
domainuxth9t.g2erharve5t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzofe5k.g2erharve5t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmiqvut.g2erharve5t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhadren.g2erharve5t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpylc0x.g2erharve5t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqjsbap.d0ubletr2ffic.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxurtev.d0ubletr2ffic.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlazf7o.d0ubletr2ffic.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqfegi1.d0ubletr2ffic.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhacgy.d0ubletr2ffic.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmmvzir.ha1fsovnarc0m.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfycgop.ha1fsovnarc0m.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhen0qt.ha1fsovnarc0m.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlyrbem.ha1fsovnarc0m.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpavqig.ha1fsovnarc0m.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbhgqaz.bed0kur5noop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjsmufe.bed0kur5noop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfytqon.bed0kur5noop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqivk8o.bed0kur5noop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnaxul7.bed0kur5noop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzvmdi3.fi7erup2ca.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrucgev.fi7erup2ca.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkdtriw.fi7erup2ca.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintqyhob.fi7erup2ca.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpnumtq.fi7erup2ca.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvqhrez.ki7kar0und.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainczjot6.ki7kar0und.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmykfeu.ki7kar0und.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainflgqer.ki7kar0und.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwusgik.ki7kar0und.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainuijy5p.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqtrmew.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxiwfut.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbexiq9.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhulsaf.f1atte5tudies.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainiclw7k.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingsbqot.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpvnemi.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzuhxoq.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjafkim.frei1r2tions.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxyrfom.stumbv1gil2nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvutmeq.stumbv1gil2nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlbqhiw.stumbv1gil2nt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainqepzot.stumbv1gil2nt.ru | ClearFake payload delivery domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
Threat ID: 69488cc7a595d307a781fae9
Added to database: 12/22/2025, 12:11:52 AM
Last enriched: 12/22/2025, 12:12:03 AM
Last updated: 2/4/2026, 1:19:51 PM