Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsAPILifetime Access
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

ThreatFox IOCs for 2025-12-29

0
Medium
Malwaretype:osinttlp:white
Published: Mon Dec 29 2025 (12/29/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-12-29

AI-Powered Analysis

AILast updated: 12/30/2025, 22:15:02 UTC

Technical Analysis

This threat entry from the ThreatFox MISP feed dated December 29, 2025, references a set of Indicators of Compromise (IOCs) associated with malware activity primarily categorized under OSINT (Open Source Intelligence), network activity, and payload delivery. The information provided is minimal, lacking specific affected software versions, detailed technical indicators, or exploit descriptions. The threat is assigned a medium severity and a threat level of 2, suggesting moderate risk but without confirmed active exploitation in the wild. The absence of patches or known exploits indicates that this may be an emerging or low-confidence threat profile rather than an active widespread campaign. The focus on OSINT and network activity implies that the threat actors may be conducting reconnaissance or preparing for payload delivery, potentially targeting network infrastructure or endpoints through indirect means. The lack of concrete indicators or CWE references limits the ability to pinpoint exact attack vectors or vulnerabilities. Overall, this appears to be an intelligence update highlighting potential malware-related activity with moderate concern but limited actionable technical details at this time.

Potential Impact

For European organizations, the impact of this threat is currently uncertain due to the lack of specific exploitation details or targeted products. However, the categorization under payload delivery and network activity suggests potential risks including unauthorized access, data exfiltration, or disruption if the payloads are successfully delivered. Organizations with extensive network infrastructure or those relying on OSINT for threat detection may face increased reconnaissance activity, which could precede more targeted attacks. The medium severity indicates that while immediate critical impact is unlikely, the threat could evolve, necessitating vigilance. Potential impacts include temporary service disruption, compromise of sensitive information, or foothold establishment by threat actors. The absence of known exploits in the wild reduces immediate risk but does not eliminate the possibility of future exploitation. European entities involved in critical infrastructure, finance, or government sectors should be particularly attentive given their strategic importance and attractiveness to threat actors.

Mitigation Recommendations

Given the limited technical details and absence of patches, mitigation should focus on proactive detection and response strategies. Organizations should enhance network traffic monitoring to identify unusual patterns indicative of payload delivery attempts or reconnaissance activities. Integration of ThreatFox and other OSINT feeds into Security Information and Event Management (SIEM) systems can improve early detection of emerging IOCs. Regularly updating and tuning intrusion detection/prevention systems (IDS/IPS) to recognize new threat signatures is essential. Conducting threat hunting exercises focused on network anomalies and suspicious payloads can help identify potential compromises early. Employee awareness training on phishing and social engineering remains critical to prevent initial infection vectors. Network segmentation and strict access controls can limit lateral movement if payloads are delivered. Finally, maintaining robust incident response plans ensures rapid containment and remediation if an infection occurs.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
Need more detailed analysis?Upgrade to Pro Console

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
00df263f-c2ee-4350-ad1b-d156f29d9123
Original Timestamp
1767052986

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttp://91.215.85.42:3003/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://41.216.188.41/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://20.92.160.27/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://54.197.245.249/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://216.172.170.236/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://173.254.106.143/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://172.191.195.85/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttp://130.12.180.20:36695/cat.sh
Unknown malware payload delivery URL (confidence level: 75%)
urlhttps://phrupmv.su/vkd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://sinitjq.cyou/api
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://t.me/noriastopchelik1
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://t.me/skoolabvgd192
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://130.12.180.85/file/ssh.sh
Unknown malware payload delivery URL (confidence level: 75%)
urlhttps://108.179.231.237/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://easycart.in.net/
Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://captcha-online.live/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://203.161.60.226/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://125.253.125.72/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://vpnkit.tech/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://54.254.254.50/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttp://151.243.113.74
Stealc botnet C2 (confidence level: 100%)
urlhttp://62.164.177.35/be1577246a994a10.php
Stealc botnet C2 (confidence level: 100%)
urlhttps://kak.is/get_it.php
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://93.152.230.9/h8jfdmdws/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://118.139.167.36/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://165.22.182.5/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://52.23.9.8/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://103.241.42.39/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://51.77.34.184/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttp://93.152.230.9/h8jfdmdws/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://metavrze.com/5h5h.js
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://metavrze.com/js.php
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://www.mobileloavestc.org/
Unknown malware payload delivery URL (confidence level: 90%)

File

ValueDescriptionCopy
file45.145.42.226
Unknown malware botnet C2 server (confidence level: 100%)
file134.209.96.175
Mirai botnet C2 server (confidence level: 80%)
file77.110.114.203
Stealc botnet C2 server (confidence level: 100%)
file154.193.216.54
Cobalt Strike botnet C2 server (confidence level: 100%)
file216.126.227.58
Sliver botnet C2 server (confidence level: 90%)
file154.53.35.211
AsyncRAT botnet C2 server (confidence level: 100%)
file45.76.44.47
Unknown malware botnet C2 server (confidence level: 100%)
file34.180.25.91
Unknown malware botnet C2 server (confidence level: 100%)
file193.29.13.89
Unknown malware botnet C2 server (confidence level: 100%)
file62.60.176.108
Hook botnet C2 server (confidence level: 100%)
file116.102.237.0
Venom RAT botnet C2 server (confidence level: 100%)
file157.173.113.68
Unknown malware botnet C2 server (confidence level: 100%)
file79.137.202.203
Unknown malware botnet C2 server (confidence level: 100%)
file51.21.170.220
Unknown malware botnet C2 server (confidence level: 100%)
file37.64.81.118
Unknown malware botnet C2 server (confidence level: 100%)
file138.197.119.79
Unknown malware botnet C2 server (confidence level: 100%)
file51.21.181.163
Unknown malware botnet C2 server (confidence level: 100%)
file154.53.35.133
Unknown malware botnet C2 server (confidence level: 100%)
file101.43.39.154
Unknown malware botnet C2 server (confidence level: 100%)
file82.23.246.27
FatalRat botnet C2 server (confidence level: 100%)
file38.181.20.30
FatalRat botnet C2 server (confidence level: 100%)
file45.58.126.216
Remcos botnet C2 server (confidence level: 100%)
file104.234.114.50
Remcos botnet C2 server (confidence level: 100%)
file178.16.54.81
Remcos botnet C2 server (confidence level: 100%)
file150.241.68.11
Sliver botnet C2 server (confidence level: 100%)
file213.14.158.35
DCRat botnet C2 server (confidence level: 100%)
file154.193.216.54
MimiKatz botnet C2 server (confidence level: 100%)
file192.69.181.145
Empire Downloader botnet C2 server (confidence level: 100%)
file108.179.231.237
Unknown malware botnet C2 server (confidence level: 100%)
file77.110.109.2
Stealc botnet C2 server (confidence level: 100%)
file114.66.38.114
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.242.13.32
Cobalt Strike botnet C2 server (confidence level: 100%)
file102.117.171.199
Unknown malware botnet C2 server (confidence level: 100%)
file45.76.44.47
Unknown malware botnet C2 server (confidence level: 100%)
file103.177.46.105
Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.109
Meterpreter botnet C2 server (confidence level: 100%)
file203.161.60.226
Unknown malware botnet C2 server (confidence level: 100%)
file125.253.125.72
Unknown malware botnet C2 server (confidence level: 100%)
file54.254.254.50
Unknown malware botnet C2 server (confidence level: 100%)
file209.250.2.244
Unknown malware botnet C2 server (confidence level: 100%)
file108.179.231.237
Unknown malware botnet C2 server (confidence level: 100%)
file151.243.113.74
Stealc botnet C2 server (confidence level: 100%)
file94.103.84.143
Unknown malware botnet C2 server (confidence level: 75%)
file108.165.147.72
Cobalt Strike botnet C2 server (confidence level: 100%)
file81.70.17.79
Cobalt Strike botnet C2 server (confidence level: 100%)
file41.251.119.120
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file54.242.48.186
Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.120
Meterpreter botnet C2 server (confidence level: 100%)
file54.147.60.76
Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.16
Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.17
Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.119
Meterpreter botnet C2 server (confidence level: 100%)
file165.22.182.5
Unknown malware botnet C2 server (confidence level: 100%)
file118.139.167.36
Unknown malware botnet C2 server (confidence level: 100%)
file51.77.34.184
Unknown malware botnet C2 server (confidence level: 100%)
file52.23.9.8
Unknown malware botnet C2 server (confidence level: 100%)
file52.23.9.8
Unknown malware botnet C2 server (confidence level: 100%)
file103.25.172.132
DeimosC2 botnet C2 server (confidence level: 75%)
file149.28.226.227
DeimosC2 botnet C2 server (confidence level: 75%)
file222.186.17.103
DeimosC2 botnet C2 server (confidence level: 75%)
file178.128.54.100
Mirai botnet C2 server (confidence level: 75%)
file134.122.13.243
Mirai botnet C2 server (confidence level: 75%)
file185.241.208.183
Mirai botnet C2 server (confidence level: 75%)
file91.208.206.49
Mirai botnet C2 server (confidence level: 75%)
file45.153.34.199
Mirai botnet C2 server (confidence level: 75%)
file93.152.230.9
Amadey botnet C2 server (confidence level: 50%)
file107.149.212.204
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.105.37.162
Cobalt Strike botnet C2 server (confidence level: 100%)
file180.97.215.152
Cobalt Strike botnet C2 server (confidence level: 100%)
file95.9.236.229
AsyncRAT botnet C2 server (confidence level: 100%)
file144.126.149.104
AsyncRAT botnet C2 server (confidence level: 100%)
file62.60.177.252
Hook botnet C2 server (confidence level: 100%)
file161.22.41.115
Havoc botnet C2 server (confidence level: 100%)
file104.248.218.2
Unknown malware botnet C2 server (confidence level: 100%)
file95.179.240.53
Unknown malware botnet C2 server (confidence level: 100%)
file180.184.71.154
Unknown malware botnet C2 server (confidence level: 100%)
file67.201.10.186
Unknown malware botnet C2 server (confidence level: 100%)
file194.15.36.106
Remcos botnet C2 server (confidence level: 100%)
file51.178.11.179
Remcos botnet C2 server (confidence level: 100%)
file3.83.240.155
Meterpreter botnet C2 server (confidence level: 100%)
file3.84.15.102
Meterpreter botnet C2 server (confidence level: 100%)
file125.253.125.72
Unknown malware botnet C2 server (confidence level: 100%)
file51.77.34.184
Unknown malware botnet C2 server (confidence level: 100%)
file54.197.245.249
Unknown malware botnet C2 server (confidence level: 100%)
file154.201.64.231
Meterpreter botnet C2 server (confidence level: 75%)
file77.110.115.239
Meterpreter botnet C2 server (confidence level: 75%)
file38.190.198.55
Cobalt Strike botnet C2 server (confidence level: 75%)
file192.227.152.193
Cobalt Strike botnet C2 server (confidence level: 100%)
file65.109.115.25
AsyncRAT botnet C2 server (confidence level: 100%)
file144.126.149.104
AsyncRAT botnet C2 server (confidence level: 100%)
file137.184.177.153
Unknown malware botnet C2 server (confidence level: 100%)
file54.145.155.184
Meterpreter botnet C2 server (confidence level: 100%)
file3.83.240.155
Meterpreter botnet C2 server (confidence level: 100%)
file3.83.240.155
Meterpreter botnet C2 server (confidence level: 100%)
file54.175.169.250
Meterpreter botnet C2 server (confidence level: 100%)
file159.89.93.96
Unknown malware botnet C2 server (confidence level: 100%)
file104.199.169.72
Unknown malware botnet C2 server (confidence level: 100%)
file34.94.210.64
Unknown malware botnet C2 server (confidence level: 100%)
file85.235.145.247
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.100.52
PureLogs Stealer botnet C2 server (confidence level: 100%)
file95.81.123.169
XWorm botnet C2 server (confidence level: 100%)
file159.0.9.187
QakBot botnet C2 server (confidence level: 75%)
file47.115.50.168
Havoc botnet C2 server (confidence level: 75%)
file94.154.172.27
Cobalt Strike botnet C2 server (confidence level: 100%)
file118.178.243.114
Cobalt Strike botnet C2 server (confidence level: 100%)
file198.12.85.86
Cobalt Strike botnet C2 server (confidence level: 100%)
file198.12.85.86
Cobalt Strike botnet C2 server (confidence level: 100%)
file77.83.198.157
Unknown RAT botnet C2 server (confidence level: 100%)
file66.154.127.200
Sliver botnet C2 server (confidence level: 100%)
file161.248.179.43
AsyncRAT botnet C2 server (confidence level: 100%)
file107.189.20.95
SectopRAT botnet C2 server (confidence level: 100%)
file116.102.237.0
Venom RAT botnet C2 server (confidence level: 100%)
file95.40.110.232
Nimplant botnet C2 server (confidence level: 100%)
file67.205.182.255
Unknown malware botnet C2 server (confidence level: 100%)
file173.231.199.178
Unknown malware botnet C2 server (confidence level: 100%)
file34.60.93.120
Unknown malware botnet C2 server (confidence level: 100%)
file134.209.102.103
Unknown malware botnet C2 server (confidence level: 100%)
file143.110.235.189
Unknown malware botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash9869
Mirai botnet C2 server (confidence level: 80%)
hash80
Stealc botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash27773
Sliver botnet C2 server (confidence level: 90%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash6001
Venom RAT botnet C2 server (confidence level: 100%)
hash13333
Unknown malware botnet C2 server (confidence level: 100%)
hash2087
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash1080
FatalRat botnet C2 server (confidence level: 100%)
hash1080
FatalRat botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash4341
Remcos botnet C2 server (confidence level: 100%)
hash2405
Remcos botnet C2 server (confidence level: 100%)
hash80
Sliver botnet C2 server (confidence level: 100%)
hash6000
DCRat botnet C2 server (confidence level: 100%)
hash8080
MimiKatz botnet C2 server (confidence level: 100%)
hash443
Empire Downloader botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Stealc botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Stealc botnet C2 server (confidence level: 100%)
hash5528
Unknown malware botnet C2 server (confidence level: 75%)
hash5008
Cobalt Strike botnet C2 server (confidence level: 100%)
hash62202
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash2455
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash40342
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash8450
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash4506
DeimosC2 botnet C2 server (confidence level: 75%)
hash38241
Mirai botnet C2 server (confidence level: 75%)
hash39691
Mirai botnet C2 server (confidence level: 75%)
hash1312
Mirai botnet C2 server (confidence level: 75%)
hash6970
Mirai botnet C2 server (confidence level: 75%)
hash56999
Mirai botnet C2 server (confidence level: 75%)
hash80
Amadey botnet C2 server (confidence level: 50%)
hash2444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash12345
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9100
Cobalt Strike botnet C2 server (confidence level: 100%)
hash888
AsyncRAT botnet C2 server (confidence level: 100%)
hash7777
AsyncRAT botnet C2 server (confidence level: 100%)
hash8082
Hook botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash5672
Meterpreter botnet C2 server (confidence level: 100%)
hash888
Meterpreter botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Meterpreter botnet C2 server (confidence level: 75%)
hash8443
Meterpreter botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash2083
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2025
AsyncRAT botnet C2 server (confidence level: 100%)
hash20900
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash33747
Meterpreter botnet C2 server (confidence level: 100%)
hash22422
Meterpreter botnet C2 server (confidence level: 100%)
hash22922
Meterpreter botnet C2 server (confidence level: 100%)
hash9300
Meterpreter botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash11200
PureLogs Stealer botnet C2 server (confidence level: 100%)
hash7777
XWorm botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash443
Havoc botnet C2 server (confidence level: 75%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash88
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Unknown RAT botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash80
AsyncRAT botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash9999
Venom RAT botnet C2 server (confidence level: 100%)
hash80
Nimplant botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domainmosmet.ru.com
AsyncRAT botnet C2 domain (confidence level: 50%)
domainfitspresso.co.com
AsyncRAT botnet C2 domain (confidence level: 50%)
domain356gfbo3to.gb.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainname.sa.com
DCRat botnet C2 domain (confidence level: 100%)
domainnationalwaste.uk.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domain9850.cn.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domain44471.jp.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainlogin.44471.jp.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainhhu.uk.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainmjo.uk.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainenergysave.uk.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domaincrsc.eu.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainngo.uk.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainj7wp03f8.rainshield.ru
ClearFake payload delivery domain (confidence level: 100%)
domainra6pw4r3.rainshield.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2h5ydzqo.rainshield.ru
ClearFake payload delivery domain (confidence level: 100%)
domaina5cciv20.rainshield.ru
ClearFake payload delivery domain (confidence level: 100%)
domain47ogw79y.deepmi5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domain9oowqjso.deepmi5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvermclta.deepmi5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domain99lss5vw.deepmi5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domainy7euy6ea.deepmi5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintqi7q7rf.deepmi5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domain4kgnpztl.deepmi5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domainsamniqqas12.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainreelshare.in.net
DCRat botnet C2 domain (confidence level: 100%)
domainwww.la-beaute.jp.net
DCRat botnet C2 domain (confidence level: 100%)
domainpart.ru.com
DCRat botnet C2 domain (confidence level: 100%)
domaintwitch.za.com
DCRat botnet C2 domain (confidence level: 100%)
domainykurk-143-244-47-87.a.free.pinggy.link
Unknown malware botnet C2 domain (confidence level: 100%)
domaingripsleep.xyz
Unknown Loader botnet C2 domain (confidence level: 100%)
domainpizzasthread.xyz
Unknown Loader botnet C2 domain (confidence level: 100%)
domainou5858.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainou5959.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainou6060.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainbot.devnguvcl.dev
Mirai botnet C2 domain (confidence level: 100%)
domainoxycodone.email
Mirai botnet C2 domain (confidence level: 100%)
domainzzz.leproxy.blog
Mirai botnet C2 domain (confidence level: 100%)
domainwza2i4g3.fr0stw1ng.ru
ClearFake payload delivery domain (confidence level: 100%)
domaine5aild1m.fr0stw1ng.ru
ClearFake payload delivery domain (confidence level: 100%)
domaing4q5p73e.fr0stw1ng.ru
ClearFake payload delivery domain (confidence level: 100%)
domainu6mf1131.fr0stw1ng.ru
ClearFake payload delivery domain (confidence level: 100%)
domainyrwx65jv.w1ndshift.ru
ClearFake payload delivery domain (confidence level: 100%)
domainfwypvent.w1ndshift.ru
ClearFake payload delivery domain (confidence level: 100%)
domain8i60caub.w1ndshift.ru
ClearFake payload delivery domain (confidence level: 100%)
domainly7p6r10.w1ndshift.ru
ClearFake payload delivery domain (confidence level: 100%)
domain0oq3vcby.skyf1ow.ru
ClearFake payload delivery domain (confidence level: 100%)
domainurj2bp9a.skyf1ow.ru
ClearFake payload delivery domain (confidence level: 100%)
domainumnj5g1g.skyf1ow.ru
ClearFake payload delivery domain (confidence level: 100%)
domain84hjxo5f.skyf1ow.ru
ClearFake payload delivery domain (confidence level: 100%)
domain8ivg8p58.cl0udr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domainxcd2tiab.cl0udr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domain522bmwhj.cl0udr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domain3n64fa05.blueh1ll.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhopaa18r.blueh1ll.ru
ClearFake payload delivery domain (confidence level: 100%)
domain0do79h4s.blueh1ll.ru
ClearFake payload delivery domain (confidence level: 100%)
domainit8zf5px.darkc0a5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindv09pgac.darkc0a5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhsvltty0.darkc0a5t.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqgy86o6o.cl0ud5tream.ru
ClearFake payload delivery domain (confidence level: 100%)
domaini7ov2xvv.cl0ud5tream.ru
ClearFake payload delivery domain (confidence level: 100%)
domainagriomaymaite22.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainlogs.tczflw.za.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainlogin.reelshare.in.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainlogin.la-beaute.jp.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainlogin.twitch.za.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainn37dschg.windf1eld.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhpel0i42.windf1eld.ru
ClearFake payload delivery domain (confidence level: 100%)
domain988gfbyb.n1ghtsh0re.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2ueuas0z.n1ghtsh0re.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2oof5izm.mi5tpath.ru
ClearFake payload delivery domain (confidence level: 100%)
domain9xllntvv.mi5tpath.ru
ClearFake payload delivery domain (confidence level: 100%)
domain4yyzsm3c107cp.cfc-execute.bj.baidubce.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainkwjscfh0.rainfail.ru
ClearFake payload delivery domain (confidence level: 100%)
domain15cazygd.rainfail.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlnb0oyvs.sun5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domain7pdbgocs.sun5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domainurl8uzxf.bi8otz1on.ru
ClearFake payload delivery domain (confidence level: 100%)
domainyox8dork.bi8otz1on.ru
ClearFake payload delivery domain (confidence level: 100%)
domainp2ov4cfd.bi8otz1on.ru
ClearFake payload delivery domain (confidence level: 100%)
domainf36h8hcw.p2ciftamp0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domain4r6kbm0t.p2ciftamp0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domainiad0tpub.p2ciftamp0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domainw3djb3j2.p2ciftamp0n.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintxw9b5bd.r2nkteh2.ru
ClearFake payload delivery domain (confidence level: 100%)
domainzyfkjj8j.r2nkteh2.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindftc360y.r2nkteh2.ru
ClearFake payload delivery domain (confidence level: 100%)
domainyabmmkny.r2nkteh2.ru
ClearFake payload delivery domain (confidence level: 100%)
domainnkomvdvv.r2nkteh2.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindiv8r45h.pu7eer0d.ru
ClearFake payload delivery domain (confidence level: 100%)
domainks34dkft.pu7eer0d.ru
ClearFake payload delivery domain (confidence level: 100%)
domainnrx6vae6.pu7eer0d.ru
ClearFake payload delivery domain (confidence level: 100%)
domaino0m22pyf.pu7eer0d.ru
ClearFake payload delivery domain (confidence level: 100%)
domain8jy2rq0q.bohem1apred0m.ru
ClearFake payload delivery domain (confidence level: 100%)
domainf2gxwgbg.bohem1apred0m.ru
ClearFake payload delivery domain (confidence level: 100%)
domain6hcht7x5.bohem1apred0m.ru
ClearFake payload delivery domain (confidence level: 100%)
domaino7rlcblf.bohem1apred0m.ru
ClearFake payload delivery domain (confidence level: 100%)
domainnibiru3333.duckdns.org
Nanocore RAT botnet C2 domain (confidence level: 75%)
domaineisotb55.heh0vli8ht.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2wz05npa.heh0vli8ht.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbk8mrtzd.heh0vli8ht.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlbjkxct4.heh0vli8ht.ru
ClearFake payload delivery domain (confidence level: 100%)
domainl1bsnifm.dep2rtmen0va.ru
ClearFake payload delivery domain (confidence level: 100%)
domain5p21lmj4.dep2rtmen0va.ru
ClearFake payload delivery domain (confidence level: 100%)
domain3w5r3wk1.dep2rtmen0va.ru
ClearFake payload delivery domain (confidence level: 100%)
domainv4oof0fy.dep2rtmen0va.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindz9gfvy4.a5hsuper1or.ru
ClearFake payload delivery domain (confidence level: 100%)
domain8v1y8lrh.a5hsuper1or.ru
ClearFake payload delivery domain (confidence level: 100%)
domainymr7m49r.a5hsuper1or.ru
ClearFake payload delivery domain (confidence level: 100%)
domaink6ug314m.a5hsuper1or.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmetavrze.com
KongTuke payload delivery domain (confidence level: 100%)
domaincjj0aler.f0refraterni5.ru
ClearFake payload delivery domain (confidence level: 100%)
domaind67ut0k6.f0refraterni5.ru
ClearFake payload delivery domain (confidence level: 100%)
domaint7sk4ia4.f0refraterni5.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvghecu28.f0refraterni5.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmch1h009.c2nd1esubject.ru
ClearFake payload delivery domain (confidence level: 100%)
domain5hjl1k36.c2nd1esubject.ru
ClearFake payload delivery domain (confidence level: 100%)
domainl0hkzeg7.c2nd1esubject.ru
ClearFake payload delivery domain (confidence level: 100%)
domain8viqlh72.c2nd1esubject.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2b32noaw.impercepm0no8.ru
ClearFake payload delivery domain (confidence level: 100%)
domainzjr11tft.impercepm0no8.ru
ClearFake payload delivery domain (confidence level: 100%)
domainkk77dkmi.impercepm0no8.ru
ClearFake payload delivery domain (confidence level: 100%)
domainvxkap1bk.impercepm0no8.ru
ClearFake payload delivery domain (confidence level: 100%)
domain6xfyczud.b0utontran5fer.ru
ClearFake payload delivery domain (confidence level: 100%)
domain5uwinka9.b0utontran5fer.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqyjqlxrj.b0utontran5fer.ru
ClearFake payload delivery domain (confidence level: 100%)
domaincvgekgnf.b0utontran5fer.ru
ClearFake payload delivery domain (confidence level: 100%)
domain93y3usks.cl0ud5tream.ru
ClearFake payload delivery domain (confidence level: 100%)
domainodokcrd9.cl0ud5tream.ru
ClearFake payload delivery domain (confidence level: 100%)
domainh650evc4.cl0ud5tream.ru
ClearFake payload delivery domain (confidence level: 100%)
domaingxcgn6lf.cl0ud5tream.ru
ClearFake payload delivery domain (confidence level: 100%)
domaindoancqli.windf1eld.ru
ClearFake payload delivery domain (confidence level: 100%)
domaine519nftb.windf1eld.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintu6eo4za.windf1eld.ru
ClearFake payload delivery domain (confidence level: 100%)
domainonj3pw7c.windf1eld.ru
ClearFake payload delivery domain (confidence level: 100%)
domain7f6qkaoj.n1ghtsh0re.ru
ClearFake payload delivery domain (confidence level: 100%)
domainxwu3w4no.n1ghtsh0re.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2wwhaoq1.n1ghtsh0re.ru
ClearFake payload delivery domain (confidence level: 100%)
domain6r7t5g36.n1ghtsh0re.ru
ClearFake payload delivery domain (confidence level: 100%)
domainwcmfioc9.mi5tpath.ru
ClearFake payload delivery domain (confidence level: 100%)
domain7rx3n03w.mi5tpath.ru
ClearFake payload delivery domain (confidence level: 100%)
domainaddpvqtn.mi5tpath.ru
ClearFake payload delivery domain (confidence level: 100%)
domainf7nm8f7u.mi5tpath.ru
ClearFake payload delivery domain (confidence level: 100%)
domainlyciemyh.mi5tpath.ru
ClearFake payload delivery domain (confidence level: 100%)
domainj8pyilr9.rainfail.ru
ClearFake payload delivery domain (confidence level: 100%)
domain7cuvr31b.rainfail.ru
ClearFake payload delivery domain (confidence level: 100%)
domain3uyvehbx.rainfail.ru
ClearFake payload delivery domain (confidence level: 100%)
domain3z2oj9ab.rainfail.ru
ClearFake payload delivery domain (confidence level: 100%)
domain50oxk787.rainfail.ru
ClearFake payload delivery domain (confidence level: 100%)
domaino5ypymeo.sun5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domainn35t4imn.sun5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domains7mur7b2.sun5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domainekei2n7i.sun5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domainof03juqh.sun5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domain1lnn4qxu.fr0stmirr0r.ru
ClearFake payload delivery domain (confidence level: 100%)
domain5vjkehxx.fr0stmirr0r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainf81hf1gu.fr0stmirr0r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainjnk9otsf.fr0stmirr0r.ru
ClearFake payload delivery domain (confidence level: 100%)
domainax8h9m7lf.localto.net
XWorm botnet C2 domain (confidence level: 100%)
domain85a24fyd.blu3c0ve.ru
ClearFake payload delivery domain (confidence level: 100%)
domain8yd0ulx3.blu3c0ve.ru
ClearFake payload delivery domain (confidence level: 100%)
domainhv9cn13u.blu3c0ve.ru
ClearFake payload delivery domain (confidence level: 100%)
domain5l6zy0pd.blu3c0ve.ru
ClearFake payload delivery domain (confidence level: 100%)
domain54lutvha.darkf0rm.ru
ClearFake payload delivery domain (confidence level: 100%)
domain4cr9o29p.darkf0rm.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqhwiamqd.darkf0rm.ru
ClearFake payload delivery domain (confidence level: 100%)
domaintw7bcy6z.darkf0rm.ru
ClearFake payload delivery domain (confidence level: 100%)
domainey264gv6.5kylight.ru
ClearFake payload delivery domain (confidence level: 100%)
domaingubczc92.5kylight.ru
ClearFake payload delivery domain (confidence level: 100%)
domain10zseo44.5kylight.ru
ClearFake payload delivery domain (confidence level: 100%)
domain171f42aj.5kylight.ru
ClearFake payload delivery domain (confidence level: 100%)
domainji4shbmc.5hadowfiow.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqp1u4hkw.5hadowfiow.ru
ClearFake payload delivery domain (confidence level: 100%)
domainws444w3h.5hadowfiow.ru
ClearFake payload delivery domain (confidence level: 100%)
domainal93cs24.5hadowfiow.ru
ClearFake payload delivery domain (confidence level: 100%)
domainmo1lzvar.5hadowfiow.ru
ClearFake payload delivery domain (confidence level: 100%)
domainqrlkhxv2.5hadowfiow.ru
ClearFake payload delivery domain (confidence level: 100%)
domain4c0ivjpf.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domaing5ar9l6v.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domainubjqtmom.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domain7yq9kkyk.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domain4j8feabv.bi8otz1on.ru
ClearFake payload delivery domain (confidence level: 100%)
domainjt5d8kku.bi8otz1on.ru
ClearFake payload delivery domain (confidence level: 100%)
domain7jzu3b8t.bi8otz1on.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2i7bgqa2.bi8otz1on.ru
ClearFake payload delivery domain (confidence level: 100%)
domaini0992ejq.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domainer9gvnqq.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domains638zqw3.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domainihfhrpxy.5t0rmr1dge.ru
ClearFake payload delivery domain (confidence level: 100%)
domain3zqouc0q.cl0udv1sta.ru
ClearFake payload delivery domain (confidence level: 100%)
domainq9c6enqm.cl0udv1sta.ru
ClearFake payload delivery domain (confidence level: 100%)
domainzb5c8o44.cl0udv1sta.ru
ClearFake payload delivery domain (confidence level: 100%)
domain5o8vbjbm.cl0udv1sta.ru
ClearFake payload delivery domain (confidence level: 100%)
domainckhok15r.wind5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domainbp9zik7i.wind5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domain1xucln9y.wind5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domain3bvphmwg.wind5tone.ru
ClearFake payload delivery domain (confidence level: 100%)
domainpqhsef86.blu3field.ru
ClearFake payload delivery domain (confidence level: 100%)
domainec0fh86q.blu3field.ru
ClearFake payload delivery domain (confidence level: 100%)
domainrq5aflxn.blu3field.ru
ClearFake payload delivery domain (confidence level: 100%)
domain2tfg15f1.blu3field.ru
ClearFake payload delivery domain (confidence level: 100%)

Threat ID: 69544e27b932a5a22ffaf0f8

Added to database: 12/30/2025, 10:11:51 PM

Last enriched: 12/30/2025, 10:15:02 PM

Last updated: 2/5/2026, 7:41:23 PM

Views: 132

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown

Medium
MalwareThu Feb 05 2026

They Got In Through SonicWall. Then They Tried to Kill Every Security Tool

Medium
MalwareThu Feb 05 2026

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Medium
MalwareThu Feb 05 2026

ThreatFox IOCs for 2026-02-04

Medium
MalwareThu Feb 05 2026

The Godfather of Ransomware? Inside Cartel Ambitions

Medium
MalwareWed Feb 04 2026

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats