
ThreatFox IOCs for 2026-01-18

Severity: Medium
Published: Sun Jan 18 2026 (01/18/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-01-18

AI-Powered Analysis

Last updated: 01/19/2026, 00:11:06 UTC

Technical Analysis

The provided information pertains to a malware-related threat intelligence update from the ThreatFox MISP feed dated January 18, 2026. The entry is classified under OSINT (Open Source Intelligence), payload delivery, and network activity categories, indicating that it involves indicators useful for detecting malware delivery mechanisms and associated network behaviors. The absence of specific affected product versions or known exploits in the wild suggests that this is an intelligence collection rather than a report of an active or novel vulnerability. The threat level is rated as 2 on an unspecified scale, with distribution rated at 3, implying moderate dissemination or relevance. The technical details do not include concrete IOCs or attack vectors, which limits the ability to perform targeted defensive actions. The medium severity rating reflects a balanced view of potential risk without immediate evidence of widespread exploitation. This intelligence is primarily useful for security teams to update detection rules, enrich threat hunting datasets, and improve situational awareness regarding malware payload delivery and network activity patterns. The lack of patches or fixes indicates that this is not a vulnerability per se but rather a threat intelligence update to aid in defense.

Potential Impact

For European organizations, the impact of this threat is primarily related to the potential for malware delivery and network-based compromise if the indicators are relevant to their environments. Although no active exploits or specific vulnerabilities are identified, the presence of new IOCs can help attackers evade detection if organizations do not update their threat intelligence and monitoring tools accordingly. Failure to incorporate these IOCs into security controls could lead to delayed detection of malware infections, resulting in data breaches, operational disruption, or lateral movement within networks. The medium severity suggests that while the threat is not immediately critical, it warrants attention to prevent escalation. Organizations in sectors with high exposure to malware campaigns, such as finance, critical infrastructure, and government, may face increased risk if they do not proactively integrate this intelligence. Additionally, the lack of patches means that defensive measures must focus on detection and response rather than remediation of a software flaw.

Mitigation Recommendations

European organizations should integrate the provided IOCs into their existing security information and event management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection capabilities. Regularly updating threat intelligence feeds, including ThreatFox and MISP, is essential to maintain situational awareness. Network monitoring should be intensified to identify suspicious payload delivery attempts and anomalous network activity consistent with the indicators. Conducting threat hunting exercises using the new IOCs can help identify latent infections or ongoing attacks. Organizations should also ensure that their incident response teams are prepared to analyze and respond to malware infections promptly. Since no patches are available, emphasis should be placed on hardening network segmentation, enforcing least privilege access, and maintaining up-to-date backups to mitigate potential damage from malware infections. Employee awareness training on phishing and social engineering remains critical to reduce the risk of initial compromise via payload delivery.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
b1269268-4781-4a07-a587-7f1cd5dc769a
Original Timestamp
1768780988

Indicators of Compromise

Url

Value | Description
https://ownvitality.xsrv.jp/ | Unknown malware payload delivery URL (confidence level: 90%)
https://qualitylivingpm.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://polbath.co.uk/ | Unknown malware payload delivery URL (confidence level: 90%)
https://primaveraveiculos.com.imagineweb.dev.br/ | Unknown malware payload delivery URL (confidence level: 90%)
https://planocreativo.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://ramyjuicy-109c437.ingress-haven.ewp.live/ | Unknown malware payload delivery URL (confidence level: 90%)
https://residencialgolapa.com.br/ | Unknown malware payload delivery URL (confidence level: 90%)
https://pola-koko288.baby/ | Unknown malware payload delivery URL (confidence level: 90%)
https://private.kusherp.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://ppsac.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://service.master-ok.net/ | Unknown malware payload delivery URL (confidence level: 90%)
https://robertevans.retirevillage.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://safridi.ictclients.site/ | Unknown malware payload delivery URL (confidence level: 90%)
https://ragdoll-blog.online/ | Unknown malware payload delivery URL (confidence level: 90%)
https://sleeve.diamantflex.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://shop.intermusica.pe/ | Unknown malware payload delivery URL (confidence level: 90%)
https://stephan-mielke.de/ | Unknown malware payload delivery URL (confidence level: 90%)
https://tinklapiuprieziura.lt/ | Unknown malware payload delivery URL (confidence level: 90%)
https://tottenhamtraders.co.uk/ | Unknown malware payload delivery URL (confidence level: 90%)
https://sushilanepal.com.np.nepalpaymentshub.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://theapptrix.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://toolspro.su/ | Unknown malware payload delivery URL (confidence level: 90%)
https://traqc.net/ | Unknown malware payload delivery URL (confidence level: 90%)
https://web.serenichron.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://website-927187ff.khl.exm.mybluehost.me/ | Unknown malware payload delivery URL (confidence level: 90%)
https://toyama-housenavi.net/ | Unknown malware payload delivery URL (confidence level: 90%)
https://videoo.fit/ | Unknown malware payload delivery URL (confidence level: 90%)
https://viraghagymafesztival.hu/ | Unknown malware payload delivery URL (confidence level: 90%)
https://zestsolar.pt/ | Unknown malware payload delivery URL (confidence level: 90%)
https://zoloh.starlandhotel.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://zoolatours.com/ | Unknown malware payload delivery URL (confidence level: 90%)
http://103.233.8.39:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
http://130.12.182.91/pages/login.php | Unknown malware botnet C2 (confidence level: 100%)
https://petrozavodsk.logomebel.ru/ | Unknown malware payload delivery URL (confidence level: 90%)
http://91.92.243.254/young2/five/pvqdq929bsx_a_d_m1n_a.php | LokiBot botnet C2 (confidence level: 100%)
http://91.92.243.254/young1/five/pvqdq929bsx_a_d_m1n_a.php | LokiBot botnet C2 (confidence level: 100%)
https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/streaming-system-r1 | ClearFake payload delivery URL (confidence level: 100%)
https://saboresdomalte.com.br/ | Unknown malware payload delivery URL (confidence level: 90%)
http://173.214.162.172/e2c6d26eac3d49d5.php | Stealc botnet C2 (confidence level: 100%)
https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/garden | ClearFake payload delivery URL (confidence level: 100%)
https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/grape2 | ClearFake payload delivery URL (confidence level: 100%)
https://website-cd9a3473.khl.exm.mybluehost.me/ | Unknown malware payload delivery URL (confidence level: 90%)
http://213.176.73.149 | Stealc botnet C2 (confidence level: 100%)
http://103.246.247.118:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/brave2 | ClearFake payload delivery URL (confidence level: 100%)
https://threenetragroup.kusherp.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://tylerbosch.retirevillage.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://zelenograd.logomebel.ru/ | Unknown malware payload delivery URL (confidence level: 90%)
https://wp.retirevillage.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/pink | ClearFake payload delivery URL (confidence level: 100%)
https://cdn.jsdelivr.net/gh/strict-knoll-interface/inc-meme-clock57/blade75 | ClearFake payload delivery URL (confidence level: 100%)
http://astrologickeconoablos.cc:8080/updater?for=0aa6b9f07a5b27b2069c137c69ec91eb | Unknown malware botnet C2 (confidence level: 100%)
https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/lightweight-ecs-500 | ClearFake payload delivery URL (confidence level: 100%)
https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/grv-matchmaking-l1 | ClearFake payload delivery URL (confidence level: 100%)
https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/systems-win64-sandbox/tick-based77 | ClearFake payload delivery URL (confidence level: 100%)

File

Value | Description
138.124.108.212 | Stealc botnet C2 server (confidence level: 100%)
82.130.136.50 | Unknown malware botnet C2 server (confidence level: 100%)
103.79.79.105 | pupy botnet C2 server (confidence level: 100%)
217.216.48.9 | AsyncRAT botnet C2 server (confidence level: 100%)
54.204.117.176 | Nimplant botnet C2 server (confidence level: 100%)
139.177.205.92 | Empire Downloader botnet C2 server (confidence level: 100%)
193.161.193.99 | NjRAT botnet C2 server (confidence level: 100%)
213.176.73.149 | Stealc botnet C2 server (confidence level: 100%)
56.124.34.57 | Sliver botnet C2 server (confidence level: 100%)
95.9.236.229 | AsyncRAT botnet C2 server (confidence level: 100%)
94.154.35.73 | AsyncRAT botnet C2 server (confidence level: 100%)
54.226.241.245 | Nimplant botnet C2 server (confidence level: 100%)
5.231.58.129 | Unknown malware botnet C2 server (confidence level: 100%)
45.156.87.145 | Bashlite botnet C2 server (confidence level: 100%)
52.207.40.52 | Meterpreter botnet C2 server (confidence level: 100%)
52.207.40.52 | Meterpreter botnet C2 server (confidence level: 100%)
52.207.40.52 | Meterpreter botnet C2 server (confidence level: 100%)
52.207.40.52 | Meterpreter botnet C2 server (confidence level: 100%)
79.250.143.165 | XWorm botnet C2 server (confidence level: 100%)
172.86.127.205 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.145.4.164 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.142.4.232 | Remcos botnet C2 server (confidence level: 100%)
137.220.136.9 | Unknown RAT botnet C2 server (confidence level: 100%)
45.158.230.43 | Kaiji botnet C2 server (confidence level: 100%)
103.177.47.128 | Meterpreter botnet C2 server (confidence level: 100%)
103.177.47.127 | Meterpreter botnet C2 server (confidence level: 100%)
123.57.34.41 | Cobalt Strike botnet C2 server (confidence level: 100%)
146.190.127.20 | Sliver botnet C2 server (confidence level: 75%)
148.178.76.23 | DeimosC2 botnet C2 server (confidence level: 75%)
148.178.80.14 | DeimosC2 botnet C2 server (confidence level: 75%)
148.178.80.5 | DeimosC2 botnet C2 server (confidence level: 75%)
154.12.94.210 | Sliver botnet C2 server (confidence level: 75%)
169.40.135.48 | Sliver botnet C2 server (confidence level: 75%)
188.23.171.202 | Eye Pyramid botnet C2 server (confidence level: 75%)
193.123.235.201 | DeimosC2 botnet C2 server (confidence level: 75%)
200.40.131.89 | Sliver botnet C2 server (confidence level: 75%)
207.56.196.89 | DeimosC2 botnet C2 server (confidence level: 75%)
23.94.28.185 | Sliver botnet C2 server (confidence level: 75%)
31.13.195.74 | BianLian botnet C2 server (confidence level: 75%)
45.143.167.7 | Sliver botnet C2 server (confidence level: 75%)
45.84.196.137 | Sliver botnet C2 server (confidence level: 75%)
52.223.43.230 | DeimosC2 botnet C2 server (confidence level: 75%)
64.23.231.32 | Sliver botnet C2 server (confidence level: 75%)
67.213.212.5 | Sliver botnet C2 server (confidence level: 75%)
8.138.184.79 | Sliver botnet C2 server (confidence level: 75%)
84.247.168.191 | Sliver botnet C2 server (confidence level: 75%)
86.48.5.53 | Sliver botnet C2 server (confidence level: 75%)
134.236.49.2 | Quasar RAT botnet C2 server (confidence level: 100%)
165.22.24.103 | Unknown malware botnet C2 server (confidence level: 100%)
51.178.26.113 | Unknown malware botnet C2 server (confidence level: 100%)
38.55.194.146 | Unknown malware botnet C2 server (confidence level: 100%)
142.93.211.197 | Unknown malware botnet C2 server (confidence level: 100%)
167.86.68.180 | Unknown malware botnet C2 server (confidence level: 100%)
92.205.30.62 | Unknown malware botnet C2 server (confidence level: 100%)
158.94.210.95 | Remcos botnet C2 server (confidence level: 100%)
212.95.55.76 | Remcos botnet C2 server (confidence level: 100%)
137.220.136.161 | Unknown RAT botnet C2 server (confidence level: 100%)
137.220.136.171 | Unknown RAT botnet C2 server (confidence level: 100%)
102.98.115.42 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
146.19.191.131 | Bashlite botnet C2 server (confidence level: 100%)
54.82.101.215 | Meterpreter botnet C2 server (confidence level: 100%)
54.82.101.215 | Meterpreter botnet C2 server (confidence level: 100%)
162.212.157.107 | Meterpreter botnet C2 server (confidence level: 75%)
179.43.189.17 | Cobalt Strike botnet C2 server (confidence level: 75%)
49.213.132.153 | Meterpreter botnet C2 server (confidence level: 75%)
89.125.48.125 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
88.210.12.95 | SectopRAT botnet C2 server (confidence level: 100%)
146.190.155.26 | Unknown malware botnet C2 server (confidence level: 100%)
86.54.42.229 | MimiKatz botnet C2 server (confidence level: 100%)
58.244.41.125 | Meterpreter botnet C2 server (confidence level: 100%)
98.93.142.191 | Meterpreter botnet C2 server (confidence level: 100%)
154.36.161.109 | ValleyRAT botnet C2 server (confidence level: 100%)
154.36.161.109 | ValleyRAT botnet C2 server (confidence level: 100%)
154.36.161.109 | ValleyRAT botnet C2 server (confidence level: 100%)
1.161.90.202 | QakBot botnet C2 server (confidence level: 75%)
148.178.39.55 | DeimosC2 botnet C2 server (confidence level: 75%)
148.178.42.151 | DeimosC2 botnet C2 server (confidence level: 75%)
148.178.58.153 | DeimosC2 botnet C2 server (confidence level: 75%)
148.178.80.187 | DeimosC2 botnet C2 server (confidence level: 75%)
103.181.134.186 | Unknown malware botnet C2 server (confidence level: 75%)
159.65.156.200 | VShell botnet C2 server (confidence level: 100%)
159.203.164.101 | VShell botnet C2 server (confidence level: 100%)
193.106.196.128 | AsyncRAT botnet C2 server (confidence level: 100%)
130.12.182.167 | Remcos botnet C2 server (confidence level: 75%)
82.147.84.54 | Cobalt Strike botnet C2 server (confidence level: 100%)
60.205.131.83 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.83.182.237 | Sliver botnet C2 server (confidence level: 90%)
51.83.254.62 | Sliver botnet C2 server (confidence level: 90%)
158.94.210.195 | AsyncRAT botnet C2 server (confidence level: 100%)
158.94.210.195 | AsyncRAT botnet C2 server (confidence level: 100%)
164.92.164.71 | Unknown malware botnet C2 server (confidence level: 100%)
186.169.75.2 | Quasar RAT botnet C2 server (confidence level: 100%)
154.201.94.141 | Venom RAT botnet C2 server (confidence level: 100%)
77.110.112.91 | DCRat botnet C2 server (confidence level: 100%)
44.195.207.182 | Nimplant botnet C2 server (confidence level: 100%)
203.145.168.114 | Unknown malware botnet C2 server (confidence level: 100%)
51.254.143.243 | Unknown malware botnet C2 server (confidence level: 100%)
54.215.193.232 | Unknown malware botnet C2 server (confidence level: 100%)
118.107.26.200 | ValleyRAT botnet C2 server (confidence level: 100%)

Hash

Value | Description
80 | Stealc botnet C2 server (confidence level: 100%)
8181 | Unknown malware botnet C2 server (confidence level: 100%)
8444 | pupy botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | Nimplant botnet C2 server (confidence level: 100%)
1337 | Empire Downloader botnet C2 server (confidence level: 100%)
31554 | NjRAT botnet C2 server (confidence level: 100%)
80 | Stealc botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 100%)
2004 | AsyncRAT botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | Nimplant botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
1337 | Bashlite botnet C2 server (confidence level: 100%)
20511 | Meterpreter botnet C2 server (confidence level: 100%)
1911 | Meterpreter botnet C2 server (confidence level: 100%)
1961 | Meterpreter botnet C2 server (confidence level: 100%)
5061 | Meterpreter botnet C2 server (confidence level: 100%)
55667 | XWorm botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
444 | Unknown RAT botnet C2 server (confidence level: 100%)
808 | Kaiji botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Sliver botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
9001 | Sliver botnet C2 server (confidence level: 75%)
8080 | Sliver botnet C2 server (confidence level: 75%)
8000 | Eye Pyramid botnet C2 server (confidence level: 75%)
8384 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | Sliver botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
8443 | BianLian botnet C2 server (confidence level: 75%)
443 | Sliver botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
8022 | DeimosC2 botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
21 | Sliver botnet C2 server (confidence level: 75%)
8888 | Sliver botnet C2 server (confidence level: 75%)
30349 | Quasar RAT botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
2020 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
444 | Unknown RAT botnet C2 server (confidence level: 100%)
444 | Unknown RAT botnet C2 server (confidence level: 100%)
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
23 | Bashlite botnet C2 server (confidence level: 100%)
2080 | Meterpreter botnet C2 server (confidence level: 100%)
56430 | Meterpreter botnet C2 server (confidence level: 100%)
23 | Meterpreter botnet C2 server (confidence level: 75%)
9443 | Cobalt Strike botnet C2 server (confidence level: 75%)
4444 | Meterpreter botnet C2 server (confidence level: 75%)
1443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
5000 | MimiKatz botnet C2 server (confidence level: 100%)
10001 | Meterpreter botnet C2 server (confidence level: 100%)
6514 | Meterpreter botnet C2 server (confidence level: 100%)
32111 | ValleyRAT botnet C2 server (confidence level: 100%)
32222 | ValleyRAT botnet C2 server (confidence level: 100%)
32333 | ValleyRAT botnet C2 server (confidence level: 100%)
443 | QakBot botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
5552 | Unknown malware botnet C2 server (confidence level: 75%)
8080 | VShell botnet C2 server (confidence level: 100%)
443 | VShell botnet C2 server (confidence level: 100%)
1964 | AsyncRAT botnet C2 server (confidence level: 100%)
5000 | Remcos botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
20000 | Sliver botnet C2 server (confidence level: 90%)
445 | Sliver botnet C2 server (confidence level: 90%)
7777 | AsyncRAT botnet C2 server (confidence level: 100%)
8008 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
1313 | Quasar RAT botnet C2 server (confidence level: 100%)
443 | Venom RAT botnet C2 server (confidence level: 100%)
8888 | DCRat botnet C2 server (confidence level: 100%)
443 | Nimplant botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
8084 | ValleyRAT botnet C2 server (confidence level: 100%)

Domain

Value | Description
webcloudplt2.oss-cn-shanghai.aliyuncs.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
fljdslfjdsf-57814.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
matvey-41302.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
ou6161.com | AsyncRAT botnet C2 domain (confidence level: 100%)
ou6262.com | AsyncRAT botnet C2 domain (confidence level: 100%)
ou6363.com | AsyncRAT botnet C2 domain (confidence level: 100%)
ba.za.com | AsyncRAT botnet C2 domain (confidence level: 75%)
bfcg5.ru.com | AsyncRAT botnet C2 domain (confidence level: 75%)
forums.uk.net | AsyncRAT botnet C2 domain (confidence level: 75%)
haf.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%)
hz88-bet.vip | AsyncRAT botnet C2 domain (confidence level: 75%)
keramogranit.ru.com | AsyncRAT botnet C2 domain (confidence level: 75%)
nqxuvd.za.com | AsyncRAT botnet C2 domain (confidence level: 75%)
stileunico.it.com | AsyncRAT botnet C2 domain (confidence level: 75%)
wwc.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%)
xszcuj.sa.com | AsyncRAT botnet C2 domain (confidence level: 75%)
yrbaidu.za.com | AsyncRAT botnet C2 domain (confidence level: 75%)
asphoau.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
galleqi.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
crossat.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
hanggxx.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
requieiy.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
traumadj.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
sakuratea.cfd | Aura Stealer botnet C2 domain (confidence level: 75%)
borinakis.fun | Unknown Stealer botnet C2 domain (confidence level: 100%)
jlgwbfxtol.a.pinggy.link | XWorm botnet C2 domain (confidence level: 100%)
abdulraheem6-50903.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
slze8kkuh.localto.net | Quasar RAT botnet C2 domain (confidence level: 100%)
quasarrat220-24487.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%)
yxtu8a6fk.localto.net | SpyNote botnet C2 domain (confidence level: 100%)
dxp4s2ibc.localto.net | SpyNote botnet C2 domain (confidence level: 100%)
brodyy-39471.portmap.host | SpyNote botnet C2 domain (confidence level: 100%)
hytagow69.localto.net | SpyNote botnet C2 domain (confidence level: 100%)
pymrweslf.localto.net | SpyNote botnet C2 domain (confidence level: 100%)
181.ip.gl.ply.gg | SpyNote botnet C2 domain (confidence level: 100%)
v9oe2nsym.localto.net | SpyNote botnet C2 domain (confidence level: 100%)
aet2fkdj7.localto.net | SpyNote botnet C2 domain (confidence level: 100%)
buildnetcrew.com | Unknown Stealer botnet C2 domain (confidence level: 100%)
fgwqojpr.buildnetcrew.com | Unknown Stealer botnet C2 domain (confidence level: 100%)
incelcuck.duckdns.org | XWorm botnet C2 domain (confidence level: 75%)
cyberplg.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
2c48hup.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%)
2co7rrv.uk.com | AsyncRAT botnet C2 domain (confidence level: 75%)
78win.ru.com | AsyncRAT botnet C2 domain (confidence level: 75%)
granitfliesen.de.com | AsyncRAT botnet C2 domain (confidence level: 75%)
mb66znet.com | AsyncRAT botnet C2 domain (confidence level: 75%)
shbet-casino.co | AsyncRAT botnet C2 domain (confidence level: 75%)
titth.za.com | AsyncRAT botnet C2 domain (confidence level: 75%)
zqqhyp.sa.com | AsyncRAT botnet C2 domain (confidence level: 75%)
etvidanueva.com | Agent Tesla botnet C2 domain (confidence level: 50%)
api.loseallyour.money | Unknown Stealer botnet C2 domain (confidence level: 100%)
vn168a.link | AsyncRAT botnet C2 domain (confidence level: 75%)

Threat ID: 696d768bd302b072d90acd92

Added to database: 1/19/2026, 12:10:51 AM

Last enriched: 1/19/2026, 12:11:06 AM

Last updated: 1/19/2026, 4:01:36 AM
