Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsAPILifetime Access
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

ThreatFox IOCs for 2026-01-11

0
Medium
Malwaretype:osinttlp:white
Published: Sun Jan 11 2026 (01/11/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-01-11

AI-Powered Analysis

AILast updated: 01/12/2026, 00:08:13 UTC

Technical Analysis

The provided information describes a set of Indicators of Compromise (IOCs) published on 2026-01-11 by the ThreatFox MISP feed, focusing on malware-related activities involving OSINT (Open Source Intelligence), payload delivery, and network activity. The entry does not specify affected software versions or products, indicating that it is likely a collection of threat intelligence rather than a vulnerability or exploit targeting a specific system. The threat level is rated as medium, with no known exploits in the wild and no patches available, suggesting that this intelligence is either preliminary or related to observed malicious infrastructure or campaigns rather than active exploitation. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate confidence and dissemination of the indicators. The absence of CWEs and CVEs further supports that this is an intelligence update rather than a direct vulnerability report. The tags and categories emphasize OSINT and network activity, pointing to potential reconnaissance or initial stages of payload delivery in cyberattack chains. The lack of concrete indicators in the provided data limits the ability to perform a detailed technical dissection, but the information serves as a situational awareness update for security teams to incorporate into their threat hunting and monitoring processes.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the absence of known active exploits or specific affected systems. However, the focus on OSINT and network activity suggests potential reconnaissance or preparatory stages for more targeted attacks, which could lead to data exfiltration, unauthorized access, or disruption if followed by successful payload delivery. Organizations relying heavily on OSINT tools or with exposed network services might be more susceptible to reconnaissance activities that precede more severe attacks. The medium severity rating indicates a moderate risk that should not be ignored, especially for critical infrastructure, government entities, and sectors with high-value data. The lack of patches or direct mitigation measures means that defensive strategies must rely on detection, monitoring, and incident response readiness. If threat actors leverage these IOCs effectively, there could be an increased risk of intrusion attempts or malware deployment, impacting confidentiality, integrity, and availability of systems.

Mitigation Recommendations

Given the nature of this threat intelligence update, European organizations should focus on enhancing their threat detection and monitoring capabilities. Specific recommendations include: 1) Integrate the provided IOCs into Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to identify potential malicious activity early. 2) Conduct regular network traffic analysis to detect unusual payload delivery attempts or reconnaissance behaviors. 3) Strengthen OSINT tool usage policies and monitor for suspicious queries or data access patterns. 4) Implement strict network segmentation and access controls to limit lateral movement if an intrusion occurs. 5) Maintain up-to-date threat intelligence feeds and collaborate with information sharing groups to stay informed about evolving threats. 6) Train security teams to recognize early indicators of compromise related to OSINT and network activity. 7) Prepare incident response plans that include scenarios involving payload delivery and network-based attacks. These measures go beyond generic advice by emphasizing proactive detection and operational readiness in the absence of direct patches or known exploits.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
ItalyItaly
SpainSpain
Need more detailed analysis?Upgrade to Pro Console

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
aa948e09-a109-476c-9838-cbe6269f3e91
Original Timestamp
1768176187

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttps://iamdavidachom.com/tentrady-confirmation/
Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/jhjfjj
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/b12
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/token-issuer-svc/s3/back
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/token-issuer-svc/s3/boom
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://77.110.102.154/ce369e7324834845.php
Stealc botnet C2 (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/id-core-rs-com/err2/local
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/token-id-4-api/api50-mint-ok/fl
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/id-core-rs-com/power2/fast
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/browse-via-api/fb-api-keys/keys
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://194.164.34.182
Stealc botnet C2 (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/token-issuer-svc/7cdtdbq6uewmq5/bn9
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/token-issuer-svc/7cdtdbq6uewmq5/tem46
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://69.164.242.27:3000/auth
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://whitegambit.com:8080/auth
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/ufo
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/echo
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://k0d3in.myftp.org/webpanel/pages/login.php
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://evih.scamfreeweb.com/webpanel/
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/add-48
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/az2-prd-rs01/s3-backet-cloud73-s1/final
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/az2-prd-rs01/s3-backet-cloud73-s1/gfn-srvc
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/trc20
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/set1
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/outh
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/oiaaai
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/sdvvv12
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/jpg
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/load
ClearFake payload delivery URL (confidence level: 100%)

File

ValueDescriptionCopy
file138.124.89.194
Stealc botnet C2 server (confidence level: 100%)
file107.189.24.255
SectopRAT botnet C2 server (confidence level: 100%)
file54.168.37.22
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file182.254.168.212
AdaptixC2 botnet C2 server (confidence level: 100%)
file54.236.229.118
Meterpreter botnet C2 server (confidence level: 100%)
file54.236.229.118
Meterpreter botnet C2 server (confidence level: 100%)
file54.236.229.118
Meterpreter botnet C2 server (confidence level: 100%)
file54.236.229.118
Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.76
Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.34
Meterpreter botnet C2 server (confidence level: 100%)
file18.188.140.51
Nanocore RAT botnet C2 server (confidence level: 75%)
file43.157.212.233
ValleyRAT botnet C2 server (confidence level: 100%)
file137.175.16.1
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.196.11.235
Sliver botnet C2 server (confidence level: 100%)
file184.174.32.240
Sliver botnet C2 server (confidence level: 100%)
file51.195.201.251
Unknown malware botnet C2 server (confidence level: 100%)
file195.24.237.166
Havoc botnet C2 server (confidence level: 100%)
file185.76.242.166
DCRat botnet C2 server (confidence level: 100%)
file199.101.111.41
Meterpreter botnet C2 server (confidence level: 100%)
file196.75.135.191
Meterpreter botnet C2 server (confidence level: 100%)
file54.236.229.118
Meterpreter botnet C2 server (confidence level: 100%)
file85.203.4.143
XWorm botnet C2 server (confidence level: 100%)
file90.165.55.41
Quasar RAT botnet C2 server (confidence level: 100%)
file5.175.136.77
Quasar RAT botnet C2 server (confidence level: 100%)
file43.157.212.233
ValleyRAT botnet C2 server (confidence level: 100%)
file43.157.212.233
ValleyRAT botnet C2 server (confidence level: 100%)
file45.156.87.158
Mirai botnet C2 server (confidence level: 80%)
file87.121.112.124
Mirai botnet C2 server (confidence level: 80%)
file185.208.159.209
AsyncRAT botnet C2 server (confidence level: 100%)
file54.158.147.232
Meterpreter botnet C2 server (confidence level: 100%)
file38.14.250.196
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.97.62.187
Cobalt Strike botnet C2 server (confidence level: 100%)
file182.92.132.195
Cobalt Strike botnet C2 server (confidence level: 100%)
file83.229.123.61
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.134.120.6
ValleyRAT botnet C2 server (confidence level: 100%)
file148.178.40.170
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.48.116
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.51.44
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.56.139
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.65.38
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.66.103
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.69.17
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.69.241
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.71.239
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.77.92
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.79.57
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.82.238
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.83.19
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.92.67
DeimosC2 botnet C2 server (confidence level: 75%)
file207.56.193.158
DeimosC2 botnet C2 server (confidence level: 75%)
file207.56.201.147
DeimosC2 botnet C2 server (confidence level: 75%)
file207.56.205.87
DeimosC2 botnet C2 server (confidence level: 75%)
file207.56.215.40
DeimosC2 botnet C2 server (confidence level: 75%)
file5.75.200.211
DeimosC2 botnet C2 server (confidence level: 75%)
file216.158.235.14
Unknown malware botnet C2 server (confidence level: 100%)
file102.117.170.125
Unknown malware botnet C2 server (confidence level: 100%)
file158.247.255.98
Unknown malware botnet C2 server (confidence level: 100%)
file45.156.87.73
MooBot botnet C2 server (confidence level: 100%)
file8.215.205.13
Unknown malware botnet C2 server (confidence level: 100%)
file168.119.214.202
Unknown malware botnet C2 server (confidence level: 100%)
file85.215.187.75
Chaos botnet C2 server (confidence level: 100%)
file43.134.120.6
ValleyRAT botnet C2 server (confidence level: 100%)
file154.73.110.37
Unknown malware botnet C2 server (confidence level: 100%)
file43.134.120.6
ValleyRAT botnet C2 server (confidence level: 100%)
file139.196.206.174
VShell botnet C2 server (confidence level: 100%)
file69.164.242.27
Unknown malware botnet C2 server (confidence level: 100%)
file109.107.177.135
Unknown malware botnet C2 server (confidence level: 100%)
file45.81.113.180
Unknown malware botnet C2 server (confidence level: 100%)
file146.235.201.30
Cobalt Strike botnet C2 server (confidence level: 75%)
file103.205.253.87
Ghost RAT botnet C2 server (confidence level: 100%)
file185.222.58.38
RedLine Stealer botnet C2 server (confidence level: 100%)
file154.26.214.161
Cobalt Strike botnet C2 server (confidence level: 100%)
file173.211.106.21
Remcos botnet C2 server (confidence level: 100%)
file111.230.19.96
Unknown malware botnet C2 server (confidence level: 100%)
file23.26.129.180
Remcos botnet C2 server (confidence level: 100%)
file111.48.234.110
DeimosC2 botnet C2 server (confidence level: 75%)
file136.0.157.158
AsyncRAT botnet C2 server (confidence level: 75%)
file148.178.43.87
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.44.227
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.70.49
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.71.71
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.83.49
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.85.246
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.87.48
DeimosC2 botnet C2 server (confidence level: 75%)
file148.178.89.46
DeimosC2 botnet C2 server (confidence level: 75%)
file18.190.71.162
DeimosC2 botnet C2 server (confidence level: 75%)
file207.56.192.203
DeimosC2 botnet C2 server (confidence level: 75%)
file207.56.195.76
DeimosC2 botnet C2 server (confidence level: 75%)
file3.209.181.254
DeimosC2 botnet C2 server (confidence level: 75%)
file99.83.220.247
DeimosC2 botnet C2 server (confidence level: 75%)
file83.217.209.11
PureLogs Stealer botnet C2 server (confidence level: 100%)
file91.92.240.211
Remcos botnet C2 server (confidence level: 100%)
file185.11.61.223
SectopRAT botnet C2 server (confidence level: 100%)
file96.9.124.110
Havoc botnet C2 server (confidence level: 100%)
file18.212.247.86
Meterpreter botnet C2 server (confidence level: 100%)
file18.212.247.86
Meterpreter botnet C2 server (confidence level: 100%)
file3.86.33.166
Meterpreter botnet C2 server (confidence level: 100%)
file95.81.123.133
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.222.58.40
RedLine Stealer botnet C2 server (confidence level: 100%)
file100.51.239.164
Nimplant botnet C2 server (confidence level: 100%)
file52.21.176.23
Unknown malware botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash80
Stealc botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash80
Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash30586
AdaptixC2 botnet C2 server (confidence level: 100%)
hash9301
Meterpreter botnet C2 server (confidence level: 100%)
hash9601
Meterpreter botnet C2 server (confidence level: 100%)
hash11101
Meterpreter botnet C2 server (confidence level: 100%)
hash20001
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash943
Nanocore RAT botnet C2 server (confidence level: 75%)
hash45
ValleyRAT botnet C2 server (confidence level: 100%)
hash8896
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Sliver botnet C2 server (confidence level: 100%)
hash9000
Sliver botnet C2 server (confidence level: 100%)
hash3443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash7777
DCRat botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash2222
Meterpreter botnet C2 server (confidence level: 100%)
hash9201
Meterpreter botnet C2 server (confidence level: 100%)
hash7000
XWorm botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash5000
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
ValleyRAT botnet C2 server (confidence level: 100%)
hash442
ValleyRAT botnet C2 server (confidence level: 100%)
hash3884
Mirai botnet C2 server (confidence level: 80%)
hash911
Mirai botnet C2 server (confidence level: 80%)
hash8080
AsyncRAT botnet C2 server (confidence level: 100%)
hash5176
Meterpreter botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
ValleyRAT botnet C2 server (confidence level: 100%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash8443
DeimosC2 botnet C2 server (confidence level: 75%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash812
Unknown malware botnet C2 server (confidence level: 100%)
hash9090
Chaos botnet C2 server (confidence level: 100%)
hash442
ValleyRAT botnet C2 server (confidence level: 100%)
hash2024
Unknown malware botnet C2 server (confidence level: 100%)
hash45
ValleyRAT botnet C2 server (confidence level: 100%)
hash50012
VShell botnet C2 server (confidence level: 100%)
hash3000
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash54111
Ghost RAT botnet C2 server (confidence level: 100%)
hash55615
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash24053
Remcos botnet C2 server (confidence level: 100%)
hash10250
DeimosC2 botnet C2 server (confidence level: 75%)
hash6606
AsyncRAT botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash7705
PureLogs Stealer botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash15647
SectopRAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash1962
Meterpreter botnet C2 server (confidence level: 100%)
hash2762
Meterpreter botnet C2 server (confidence level: 100%)
hash2456
Meterpreter botnet C2 server (confidence level: 100%)
hash2040
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash55615
RedLine Stealer botnet C2 server (confidence level: 100%)
hash443
Nimplant botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domainnewunveiled.com
Havoc botnet C2 domain (confidence level: 100%)
domaineticaret.yonlendir.cfd
Havoc botnet C2 domain (confidence level: 100%)
domaine-konutbasvuruekran.sbs
Havoc botnet C2 domain (confidence level: 100%)
domainsosyalkonut.cfd
Havoc botnet C2 domain (confidence level: 100%)
domaintoki.sosyalkonutunuz.cfd
Havoc botnet C2 domain (confidence level: 100%)
domainsosyalkonutprojesi.sbs
Havoc botnet C2 domain (confidence level: 100%)
domaintoki.konutbasvurutr.cfd
Havoc botnet C2 domain (confidence level: 100%)
domaingd0.com.co
Unknown malware botnet C2 domain (confidence level: 100%)
domainpromole16.ddns.net
Unknown RAT botnet C2 domain (confidence level: 100%)
domainrehumedece.ru.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domaintamilrockers.gr.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainwabnewszamanpaper22.za.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domain58win8.in.net
AsyncRAT botnet C2 domain (confidence level: 75%)
domain8xx.it.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainnobrains.localto.net
XWorm botnet C2 domain (confidence level: 100%)
domainexveyra-52557.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domainqueijoz-38545.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domainremgreat2740.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainholdremco.bumbleshrimp.com
Remcos botnet C2 domain (confidence level: 100%)
domainguarderia.hopto.org
CyberGate botnet C2 domain (confidence level: 100%)
domainbacan4d.jp.net
AsyncRAT botnet C2 domain (confidence level: 75%)
domaincrwqin.ru.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainmdf.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainxar.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainubdofr.sa.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainns1.mhtmzl.top
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainns2.mhtmzl.top
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaineqp.lol
Unknown Stealer botnet C2 domain (confidence level: 100%)
domain789bet-trangchu.vip
AsyncRAT botnet C2 domain (confidence level: 75%)
domainalloparentsbebe.org
AsyncRAT botnet C2 domain (confidence level: 75%)
domainokvip168th.net
AsyncRAT botnet C2 domain (confidence level: 75%)
domainopen88top1.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainxacmgm.za.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domain58win.ae.org
AsyncRAT botnet C2 domain (confidence level: 75%)
domain8xx00.cn.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domaincort.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainfcw.br.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainyqs.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainaf88.cn.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainaf88.eu.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainaf88.jpn.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainaf88.uk.net
AsyncRAT botnet C2 domain (confidence level: 75%)
domainaf88.us.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainportal.de.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domain58win1.it.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainaf88.co.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainirbjlv.sa.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainknownsmianespecially.sa.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainuco.it.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainda88.in.net
Quasar RAT botnet C2 domain (confidence level: 75%)
domainhamo1221-54107.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domain9ju3rdlvz.localto.net
XWorm botnet C2 domain (confidence level: 100%)
domaind1.qwertyx.host
XWorm botnet C2 domain (confidence level: 100%)
domainbaba-asliiiii-20.sa.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.petro-chem.uk.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.58win.hu.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbiglobe-auth.jp.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindeltaone.ddns.net
Quasar RAT botnet C2 domain (confidence level: 100%)
domainhssshsh-33054.portmap.host
SpyNote botnet C2 domain (confidence level: 100%)
domainartemmakarov-30233.portmap.host
SpyNote botnet C2 domain (confidence level: 100%)
domainwmware.no-ip.biz
CyberGate botnet C2 domain (confidence level: 100%)

Threat ID: 69643b57da2266e838ab12c0

Added to database: 1/12/2026, 12:07:51 AM

Last enriched: 1/12/2026, 12:08:13 AM

Last updated: 1/12/2026, 3:58:42 AM

Views: 5

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

ThreatFox IOCs for 2026-01-10

Medium
MalwareSun Jan 11 2026

ThreatFox IOCs for 2026-01-09

Medium
MalwareSat Jan 10 2026

Threat Research: PHALT#BLYX: Fake BSODs and Trusted Build Tools

Medium
MalwareFri Jan 09 2026

Reborn in Rust: MuddyWater Evolves Tooling with RustyWater Implant

Medium
MalwareFri Jan 09 2026

Guloader Malware Being Disguised as Employee Performance Reports

Medium
MalwareFri Jan 09 2026

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats