ThreatFox IOCs for 2026-01-21
AI Analysis
Technical Summary
This page is the ThreatFox feed entry for 21 January 2026. ThreatFox is the abuse.ch platform for sharing malware-related indicators of compromise; every indicator carries a type (ip:port, domain or url), a threat type (botnet C2 or payload delivery), the malware family it is attributed to, and a reporter confidence level. The entry is tagged 'osint' and 'tlp:white', so it may be shared without restriction. No affected product, CVE or CWE applies: the entry lists attacker infrastructure, not a vulnerability, and there is nothing to patch. The metadata values (threat level 2, analysis 1, distribution 3) are MISP event fields: threat level 2 is Medium, analysis 1 means the analysis is ongoing, and distribution 3 means the event is shared with all communities. The indicators are concrete and attributed. They include C2 servers for AsyncRAT, XWorm, Quasar RAT, Remcos, ValleyRAT, SpyNote, Vidar, Stealc, Mirai, Cobalt Strike, Sliver, Meterpreter and NetSupport Manager RAT, payload delivery hosts for Agent Tesla, KongTuke and ClearFake, and a large block of 'Unknown Stealer' payload delivery domains. Three properties of the list matter for how it is used. First, ip:port indicators identify a C2 port as well as an address; many use non-standard ports (2404, 3790, 7443, 8888 and assorted five-digit ports) and several addresses fall in large cloud provider ranges shared with unrelated tenants, so matching should include the port. Second, many C2 and delivery hosts sit on shared tunnelling, dynamic-DNS, CDN and hosting services (devtunnels.ms, localto.net, ply.gg, duckdns.org, dynuddns.com, ddns.net, myftp.biz, cdn.jsdelivr.net, baidubce.com, mybluehost.me), where only the exact hostname or URL is malicious and the parent domain must not be blocked. Third, the 'Unknown Stealer' payload delivery domains are largely mail., ftp., smtp., test. and website-* hostnames of ordinary organisations, which is the usual footprint of compromised legitimate sites being abused for hosting rather than attacker-registered infrastructure. Confidence levels range from 75% to 100% and are worth carrying into alert severity. The entry is a daily intelligence update rather than a report on a single targeted campaign.
Potential Impact
The indicators are almost all C2 servers and payload delivery hosts, so their impact is in detection: a match is evidence of an infection or an attempted infection, not of an exposed vulnerability. A DNS query, TLS connection or proxy request to one of the listed botnet C2 hosts means a system on the network is already running the named malware. For the RATs and stealers that dominate this feed (AsyncRAT, XWorm, Quasar RAT, Remcos, ValleyRAT, Vidar, Stealc, NetSupport Manager RAT) the consequence is theft of credentials, browser sessions and files, and remote control of the host; Cobalt Strike, Sliver and Meterpreter servers indicate post-exploitation tooling and usually a hands-on intrusion; SpyNote targets Android devices; Mirai indicates compromised embedded or IoT devices. A hit on a payload delivery URL or domain (KongTuke, ClearFake, Agent Tesla, the 'Unknown Stealer' block) indicates that a user reached a lure, so the endpoint should be checked for a dropped payload even if the download was blocked. The entry names European countries as affected and lists several hosts under European ccTLDs (.ru, .it, .pl, .nl, .es, .ch, .co.uk) among the delivery domains, so European organisations should expect both inbound phishing that uses these sites and outbound C2 traffic from any infected endpoint. Organisations that do not ingest such feeds forgo the cheapest available detection of commodity malware. The medium severity rating reflects widespread commodity threats rather than a single targeted campaign.
Mitigation Recommendations
1. Ingest the feed into the SIEM and threat intelligence platform with the ThreatFox fields preserved (indicator type, threat type, malware family, confidence), and treat ip:port indicators as address plus port: alert at full severity on an exact match and at review severity on the address alone, since several listed addresses sit in shared cloud ranges.
2. Load domain and URL indicators into DNS, proxy and IDS/IPS blocklists at full-hostname or full-URL granularity. Never block the parent domain of devtunnels.ms, localto.net, ply.gg, duckdns.org, dynuddns.com, ddns.net, myftp.biz, cdn.jsdelivr.net, baidubce.com or mybluehost.me; those services are shared with legitimate tenants.
3. Retro-hunt DNS, proxy, firewall and EDR network telemetry for the C2 indicators over at least the preceding weeks. A historical hit is an existing compromise and should open an incident, not a blocklist update.
4. Treat any live hit on a botnet C2 indicator as a confirmed infection of the source host: isolate it, collect volatile data, and run the playbook for the family named in the feed; for stealer families, rotate the user's credentials and invalidate browser sessions.
5. Treat hits on payload delivery hosts as attempted infection: check the endpoint for the downloaded payload and any follow-on execution, and retrieve the originating e-mail or web lure so the delivery path can be blocked.
6. Use the confidence level: 100% entries can be blocked outright; 75% and 80% entries (most of the AsyncRAT and Quasar RAT domains, the Cobalt Strike hostnames on baidubce.com, the Mirai server) are better alerted on and verified before blocking.
7. Automate ingestion with expiry. ThreatFox indicators are dated, C2 infrastructure churns and cloud addresses are reassigned, so age out ip:port indicators and re-validate domains instead of accumulating a permanent blocklist.
8. Confirm that EDR detection content is active for the families named here (AsyncRAT, XWorm, Quasar RAT, Remcos, ValleyRAT, Vidar, Stealc, NetSupport Manager, Cobalt Strike, Sliver, Meterpreter); all of them have widely available behavioural signatures.
9. Share sightings with the relevant ISAC and report them back to ThreatFox so that confidence and last-seen data improve for everyone consuming the feed.
10. Keep default-deny egress filtering, network segmentation and least privilege in place. Many of the listed C2 ports are non-standard, and a workstation that cannot open arbitrary outbound ports cannot reach them regardless of whether the indicator is known. Ensure the incident response plan has a defined path from an OSINT-based alert to containment.
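The ingestion and matching logic behind recommendations 1, 2, 3 and 7 above, as an added example that is not code from the ThreatFox page or from abuse.ch. It parses feed lines in a format of my own, '<type>: <value> | <description>', built from the page's list and tables; refuses mislabelled entries rather than loading them as hash indicators; matches DNS and connection events port-aware and shared-infrastructure-aware; and emits Suricata rules. Indicator values and families in the sample feed are copied from this page; the shared-infrastructure suffix list, the sample log events and the malware family on the URL line are assumptions.

```python
"""Normalise ThreatFox-style indicators and match them against log events (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Tunnel, DDNS, CDN and hosting providers whose parent domain is shared by unrelated tenants
# (assumed list, built from suffixes in this feed). Only the exact hostname or URL is an indicator.
SHARED_INFRA = ("devtunnels.ms", "localto.net", "ply.gg", "duckdns.org", "dynuddns.com",
                "ddns.net", "myftp.biz", "cdn.jsdelivr.net", "baidubce.com", "mybluehost.me")

@dataclass(frozen=True)
class Ioc:
    kind: str         # ThreatFox indicator type: "ip:port", "domain" or "url"
    value: str        # normalised value
    family: str       # malware family as reported in the feed
    confidence: int   # reporter confidence level in percent

FEED_LINE = re.compile(r"^(ip:port|domain|url):\s*(\S+)\s*\|\s*(.+?)\s*"
                       r"\(confidence level:\s*(\d+)%\)$")

def parse_ioc(line: str) -> Ioc:
    """Parse '<type>: <value> | <family> <threat type> <object> (confidence level: N%)'; reject the rest."""
    m = FEED_LINE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable feed line: {line!r}")   # e.g. a port labelled 'hash'
    kind, value, desc, conf = m.groups()
    family = re.sub(r"\s+(botnet C2|payload delivery)\s+\w+$", "", desc)
    if kind == "ip:port":
        ip, _, port = value.rpartition(":")                  # IPv4 as in this feed
        ipaddress.ip_address(ip)                             # raises on anything that is not an IP
        if not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad port in {value!r}")
        value = f"{ip}:{int(port)}"
    elif kind == "domain":
        value = value.lower().rstrip(".")
    else:
        u = urlsplit(value)
        if u.scheme not in ("http", "https") or not u.hostname:
            raise ValueError(f"bad url {value!r}")
        value = f"{u.scheme}://{u.hostname.lower()}{u.path or '/'}"   # query string dropped
    return Ioc(kind, value, family, int(conf))

def is_shared_infra(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in SHARED_INFRA)

def match_dns(query: str, iocs):
    """DNS log: exact hostname or subdomain match; the host of a URL indicator counts only off shared infra."""
    q = query.lower().rstrip(".")
    for ioc in iocs:
        if ioc.kind == "ip:port":
            continue
        host = ioc.value if ioc.kind == "domain" else urlsplit(ioc.value).hostname
        if ioc.kind == "url" and is_shared_infra(host):
            continue        # a URL on shared infrastructure implicates the URL, not its host
        if q == host or q.endswith("." + host):
            return ioc
    return None

def match_conn(dst_ip: str, dst_port: int, iocs):
    """Connection log: exact ip:port hit is 'high'; same IP on another port is 'review' (shared hosting)."""
    verdict = None
    for ioc in iocs:
        if ioc.kind == "ip:port":
            ip, _, port = ioc.value.rpartition(":")
            if ip == dst_ip and int(port) == dst_port:
                return ioc, "high"
            if ip == dst_ip:
                verdict = (ioc, "review")
    return verdict

def suricata_rule(ioc: Ioc, sid: int) -> str:
    """One Suricata rule per indicator; the http rule only sees plaintext HTTP, not HTTPS."""
    msg = f"ThreatFox {ioc.family} {ioc.kind} {ioc.value} conf={ioc.confidence}"
    if ioc.kind == "ip:port":
        ip, _, port = ioc.value.rpartition(":")
        return f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)'
    if ioc.kind == "domain":
        return (f'alert dns $HOME_NET any -> any any (msg:"{msg}"; dns.query; '
                f'content:"{ioc.value}"; nocase; endswith; sid:{sid}; rev:1;)')
    u = urlsplit(ioc.value)
    return (f'alert http $HOME_NET any -> any any (msg:"{msg}"; http.host; content:"{u.hostname}"; '
            f'endswith; http.uri; content:"{u.path}"; startswith; sid:{sid}; rev:1;)')

# Constructed sample feed: values and families copied from the page; the family on the
# URL line is an assumption because the page's URL table is cut off.
SAMPLE_FEED = [
    "ip:port: 45.141.215.60:443 | Unknown Stealer botnet C2 server (confidence level: 100%)",
    "ip:port: 109.172.91.23:443 | Remcos botnet C2 server (confidence level: 100%)",
    "domain: panel.kalygenesis.xyz | Unknown Stealer botnet C2 domain (confidence level: 100%)",
    "domain: xxblessing2026now.duckdns.org | XWorm botnet C2 domain (confidence level: 75%)",
    "url: https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare | Unknown malware payload delivery url (confidence level: 100%)",
]
IOCS = [parse_ioc(line) for line in SAMPLE_FEED]

if __name__ == "__main__":   # constructed log events, not real telemetry
    print(match_dns("PANEL.kalygenesis.xyz.", IOCS), match_conn("109.172.91.23", 80, IOCS))
```

Running the module prints a DNS hit and a port-mismatch 'review' verdict. The `SHARED_INFRA` tuple is the part to maintain locally, and because the generated `alert http` rules only see plaintext HTTP, HTTPS URL indicators still need proxy-side matching.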
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Indicators of Compromise
Indicator types follow ThreatFox: ip:port (address and C2 port), domain, and url.
- domain: panel.kalygenesis.xyz
- ip:port: 45.141.215.60:443
- ip:port: 109.172.91.23:443
- domain: gl1g7tts-5500.euw.devtunnels.ms
- ip:port: 165.245.129.3:81
- ip:port: 138.124.79.35:80
- ip:port: 81.71.82.54:10086
- ip:port: 198.23.177.214:2404
- ip:port: 45.93.20.159:443
- ip:port: 105.157.55.3:443
- ip:port: 185.196.11.163:5555
- ip:port: 206.189.39.125:8888
- ip:port: 188.166.59.151:443
- url: https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/23phys-step2-det-sim/asset-mgr11
- ip:port: 89.125.48.195:80
- domain: chl.ru.com
- domain: dc2.sa.com
- domain: nuestraboda.it.com
- domain: tosifu.jp.net
- ip:port: 159.198.75.187:80
- ip:port: 23.235.146.5:13530
- ip:port: 112.124.32.100:18444
- ip:port: 164.68.120.30:1997
- ip:port: 213.152.161.52:55990
- ip:port: 5.59.249.142:80
- ip:port: 199.101.111.193:3790
- ip:port: 199.101.111.192:3790
- url: https://mebelinki.ru/xamster.html
- url: https://kinugort.ru/xhamster.html
- url: http://astrologickeconoablos.cc:8080/updater?for=e0cd6a53d52a08539a9787e388ff1d3b
- domain: losespadadz.myftp.biz
- domain: us-neuroquiet.co.com
- ip:port: 5.189.132.160:3
- url: http://172.86.66.132
- url: http://159.198.75.187
- domain: atlretf7m.localto.net
- ip:port: 79.134.225.18:3371
- url: https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare
- domain: xxblessing2026now.duckdns.org
- url: https://www.appleslicesllc.com/
- url: http://118.31.168.221:80/iqqr
- ip:port: 77.110.102.149:80
- ip:port: 116.62.189.232:80
- ip:port: 114.55.13.17:80
- ip:port: 198.23.177.210:2404
- ip:port: 172.111.213.112:2404
- ip:port: 47.109.33.245:8888
- ip:port: 95.9.236.229:2001
- ip:port: 35.92.162.80:80
- ip:port: 192.162.70.172:443
- ip:port: 103.177.47.26:3790
- domain: a9wi86h.uk.com
- domain: fastandfastairconditioner.in.net
- domain: kaf.uk.com
- domain: mfd.uk.com
- domain: vibrations.ru.com
- domain: zx88.ae.org
- url: https://medhrrst.com/1h6f.js
- domain: medhrrst.com
- url: https://medhrrst.com/js.php
- ip:port: 139.155.247.44:60055
- url: http://139.155.247.44:60055/ht7j
- ip:port: 116.31.165.25:36150
- ip:port: 139.84.226.162:8443
- ip:port: 144.31.224.224:443
- ip:port: 3.33.138.70:443
- ip:port: 183.90.187.139:5178
- domain: ultradatahost3.baby
- domain: imper-strlk5.com
- domain: ultradatahost2.baby
- domain: ultradatahost4.baby
- url: https://stm.agfoodpos.com/
- url: https://tenoro.mobilefoundationrepair.com/
- url: https://hrm.yago.fun/
- url: https://77.42.48.196/
- url: https://195.201.47.94/
- url: https://192.177.26.99/
- url: https://138.226.237.208/
- url: https://77.42.48.198/
- url: https://138.226.237.209/
- url: https://77.42.48.193/
- url: https://77.42.49.41/
- url: https://77.42.48.192/
- url: https://77.42.48.194/
- url: https://138.226.237.210/
- domain: hrm.yago.fun
- domain: tenoro.mobilefoundationrepair.com
- domain: stm.agfoodpos.com
- ip:port: 77.42.48.196:443
- ip:port: 195.201.47.94:443
- ip:port: 192.177.26.99:443
- ip:port: 138.226.237.208:443
- ip:port: 77.42.48.198:443
- ip:port: 138.226.237.209:443
- ip:port: 77.42.48.193:443
- ip:port: 77.42.49.41:443
- ip:port: 77.42.48.192:443
- ip:port: 77.42.48.194:443
- ip:port: 138.226.237.210:443
- url: http://89.223.95.83:8888/supershell/login/
- ip:port: 93.127.136.237:18585
- ip:port: 47.104.73.36:8443
- url: http://101.200.86.142:8888/supershell/login/
- ip:port: 129.211.190.226:2086
- ip:port: 47.97.31.229:4433
- ip:port: 217.216.32.194:8080
- ip:port: 67.210.97.27:6606
- ip:port: 34.134.226.76:10443
- ip:port: 63.180.100.205:443
- ip:port: 103.43.191.41:3333
- ip:port: 81.8.96.196:443
- ip:port: 3.75.139.6:443
- ip:port: 159.69.218.82:3333
- ip:port: 104.168.94.108:20080
- domain: espada.ddns.net
- domain: losespada.ddns.net
- domain: aizenespada.ddns.net
- ip:port: 154.244.253.161:2404
- ip:port: 147.124.219.46:2404
- ip:port: 185.68.21.77:8888
- ip:port: 3.84.179.12:2455
- url: http://77.110.102.149
- ip:port: 47.83.130.138:6666
- ip:port: 47.83.130.138:8888
- domain: 000.start-men.site
- domain: 000.start-men.store
- domain: 000.start-men.space
- ip:port: 161.248.179.38:6666
- domain: 68gamebai.gb.net
- domain: member77daftar.it.com
- domain: ucjnz.sa.com
- domain: zrr.uk.com
- domain: 95mfmnebv9a1r.cfc-execute.gz.baidubce.com
- url: https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/done
- domain: newincomes.minhaempresa.tv
- domain: globalbusinesstradings.duckdns.org
- domain: globalbusinessinc.duckdns.org
- ip:port: 130.12.180.43:80
- url: https://winnheiser.com/5f3s.js
- domain: winnheiser.com
- url: https://winnheiser.com/js.php
- domain: chibenu6223.duckdns.org
- domain: 0thjokxbgefw2ejh.wincryptapi.com
- url: https://imbalanceposib.com/logout/profile-bundle.php
- domain: imbalanceposib.com
- url: https://imbalanceposib.com/logout/public-fetch.js
- url: http://79.141.160.151/token
- url: https://lightspreme.com/token
- url: https://79.141.160.151/proxy
- ip:port: 45.9.148.181:7704
- ip:port: 165.22.57.198:8443
- url: https://prospectorplumbing.com/
- ip:port: 47.94.151.178:80
- ip:port: 161.97.95.77:2404
- ip:port: 208.123.119.237:17162
- ip:port: 102.117.169.30:7443
- ip:port: 207.246.125.36:7443
- ip:port: 45.12.254.190:7443
- ip:port: 102.98.112.71:443
- ip:port: 15.160.67.9:47001
- ip:port: 54.198.28.136:1961
- ip:port: 54.198.28.136:40911
- ip:port: 13.40.7.202:51686
- domain: drain.it.com
- domain: moon.sun.win
- domain: moon.sunwin.moi
- domain: moon.sunwin.sx
- domain: moon.sunwinn.earth
- domain: 7ynnkgq37bjrv.cfc-execute.bj.baidubce.com
- domain: 3iss-online.3iss-online.com.br
- domain: 99idesign.com
- domain: africaexports.click
- domain: aksafil.ru
- domain: antoineruiz.it
- domain: arise.spiderwebzdesign.net
- domain: augustoilian.cybercol.com
- domain: astrologiahindu.com.br
- domain: bos.webserver5.com
- domain: cashazing.dev.prodevr.com
- domain: cavallotech.de.businessecontact.com
- domain: bwpeople-hr40under40-talentworld.com
- domain: blog-ecommerce.es
- domain: cammy-freelance.com
- domain: calmost-hair.main.jp
- domain: comocerditos.com
- domain: cpcontacts.centrocirugiaplastica.com
- domain: cms.iqwing.live
- domain: cqgxhzs.net
- domain: dk-decor.com
- domain: dveryuga.ru
- domain: dyag.brobro.ai
- domain: edgenroots.net
- domain: emba.nu.edu.eg
- domain: elex.codeberry.in
- domain: erp.bditconsultancy.com
- domain: footballpicksandpredictions.moneymaking-opportunities.com
- domain: ftp.agrigentotourist.com
- domain: foxfinancas.com
- domain: gia5.ru
- domain: glassiker.com
- domain: gomygo.kusherp.com
- domain: hitokara-kishin.com
- domain: gdckupwara.edu.in
- domain: horodniany.pl
- domain: jadd.draftus.net
- domain: interstate.myinvestment.properties
- domain: kastechnologies.net
- domain: lafabri-k.com
- domain: krasnoyarsk.logomebel.ru
- domain: kurgan.logomebel.ru
- domain: mail.agence-immobiliere-lyon.com
- domain: mail.astrologiahindu.com.br
- domain: mail.e1staffingandrecruiting.com
- domain: mail.intstyle.com
- domain: mail.lacasadeltexu.com
- domain: mail.mamahdannirwana.com
- domain: mail.nmreitgroup.com
- domain: mail.msabinew.com
- domain: mail.wetooktheplunge.com
- domain: mh-test.meldingen.woweb.app
- domain: mefixscreen.com
- domain: maryamshop02.com
- domain: nettrade.com
- domain: newday-gt.com
- domain: noginsk.logomebel.ru
- domain: onestopmortgageconsultants.co.uk
- domain: nieuwenhuys.rooza.nl
- domain: noinauruou.cokhiviendong.com
- domain: provedores.supraterra.ddsis.com.mx
- domain: quko.software
- domain: prontoenterprise.com
- domain: residencial-granpremiere.com.br
- domain: ryazan.logomebel.ru
- domain: pmb-dev.uid.ac.id
- domain: sevastopol.logomebel.ru
- domain: royal-grey.com
- domain: scottstreetpharmacy.arshad.co.za
- domain: smtp.bldg-envelope.com
- domain: sochi.logomebel.ru
- domain: sosnovuybor.logomebel.ru
- domain: test.lutherankifuru.org
- domain: test1.myohworld.com
- domain: test3.kusherp.com
- domain: taclass.jp
- domain: systemkitchen-55ga11.com
- domain: tpi.nolansallai.ch
- domain: uapasia.lwsdevteam.com
- domain: tver.logomebel.ru
- domain: tyumen.logomebel.ru
- domain: unitiqs.com
- domain: ushealth.com
- domain: tsp-mmed.com
- domain: vladikavkaz.logomebel.ru
- domain: website-728196dc.nhlnw.com
- domain: website-c6cf450a.qni.vfh.mybluehost.me
- domain: website-8493861c.krp.ivk.mybluehost.me
- domain: wifi.3squared360.com
- domain: wa-ke-a-ri.org
- domain: website-4af578db.lajordanbulldogs.org
- domain: zlab.criptocontrol.com.br
- domain: wp.unocode.dev
- url: https://ddy.yago.fun/
- url: https://elevor.mobilefoundationrepair.com/
- domain: ddy.yago.fun
- domain: elevor.mobilefoundationrepair.com
- domain: we.isecure.top
- domain: the-banned.gl.at.ply.gg
- ip:port: 193.34.69.245:666
- ip:port: 193.34.69.245:443
- ip:port: 185.196.8.252:2430
- domain: moon.drain.it.com
- ip:port: 184.174.20.230:4449
- ip:port: 185.246.220.123:4782
- url: https://lacevcnt.cyou/api
- ip:port: 109.111.167.229:1912
- ip:port: 156.247.40.163:6666
- ip:port: 156.247.40.163:8888
- domain: t9vdmkdro.localto.net
- ip:port: 185.253.45.68:443
- ip:port: 208.123.119.237:443
- ip:port: 213.232.235.77:8443
- ip:port: 217.216.32.194:2096
- ip:port: 52.223.20.135:443
- ip:port: 52.223.38.68:443
- ip:port: 74.62.163.29:80
- ip:port: 121.4.92.72:5000
- ip:port: 158.247.239.180:80
- ip:port: 158.94.210.195:2405
- ip:port: 104.250.169.110:5671
- ip:port: 38.29.212.164:8080
- ip:port: 54.145.56.188:7443
- ip:port: 82.115.6.29:1080
- ip:port: 45.61.157.210:1717
- ip:port: 13.223.172.177:80
- ip:port: 130.12.182.211:808
- ip:port: 43.201.31.91:55615
- ip:port: 3.137.177.198:44292
- ip:port: 16.62.60.254:56116
- ip:port: 3.147.36.86:5655
- ip:port: 13.58.205.152:6699
- ip:port: 15.160.67.9:8001
- ip:port: 51.44.82.163:10443
- ip:port: 13.61.143.40:8089
- ip:port: 16.176.202.160:443
- ip:port: 18.169.188.242:2082
- domain: pototooqalal.com
- ip:port: 45.83.31.58:2520
- domain: captioto.com
- domain: agosto202508blessed.dynuddns.com
- ip:port: 46.38.238.27:443
- ip:port: 3.65.34.6:443
- ip:port: 77.110.102.45:443
- ip:port: 8.130.14.229:3333
- ip:port: 13.203.219.44:8443
- ip:port: 35.166.65.146:443
- ip:port: 13.127.221.134:4444
- ip:port: 3.15.174.84:8080
- ip:port: 196.251.107.104:1912
- url: https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/strm-asset-cache28/scene
Technical Details
- Threat Level: 2 (MISP scale: Medium)
- Analysis: 1 (MISP: ongoing)
- Distribution: 3 (MISP: all communities)
- UUID: 91289567-8dcf-4531-b631-bda4ef53acb6
- Original Timestamp: 1769040186 (2026-01-22 00:03:06 UTC)
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainpanel.kalygenesis.xyz | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domaingl1g7tts-5500.euw.devtunnels.ms | Agent Tesla payload delivery domain (confidence level: 100%) | |
domainchl.ru.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domaindc2.sa.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainnuestraboda.it.com | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domaintosifu.jp.net | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainlosespadadz.myftp.biz | XWorm botnet C2 domain (confidence level: 100%) | |
domainus-neuroquiet.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainatlretf7m.localto.net | SpyNote botnet C2 domain (confidence level: 100%) | |
domainxxblessing2026now.duckdns.org | XWorm botnet C2 domain (confidence level: 75%) | |
domaina9wi86h.uk.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainfastandfastairconditioner.in.net | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainkaf.uk.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainmfd.uk.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainvibrations.ru.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainzx88.ae.org | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainmedhrrst.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainultradatahost3.baby | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainimper-strlk5.com | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainultradatahost2.baby | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainultradatahost4.baby | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainhrm.yago.fun | Vidar botnet C2 domain (confidence level: 100%) | |
domaintenoro.mobilefoundationrepair.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainstm.agfoodpos.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainespada.ddns.net | XWorm botnet C2 domain (confidence level: 100%) | |
domainlosespada.ddns.net | XWorm botnet C2 domain (confidence level: 100%) | |
domainaizenespada.ddns.net | XWorm botnet C2 domain (confidence level: 100%) | |
domain000.start-men.site | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domain000.start-men.store | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domain000.start-men.space | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domain68gamebai.gb.net | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainmember77daftar.it.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainucjnz.sa.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainzrr.uk.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domain95mfmnebv9a1r.cfc-execute.gz.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainnewincomes.minhaempresa.tv | XWorm botnet C2 domain (confidence level: 100%) | |
domainglobalbusinesstradings.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainglobalbusinessinc.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainwinnheiser.com | KongTuke payload delivery domain (confidence level: 100%) | |
domainchibenu6223.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domain0thjokxbgefw2ejh.wincryptapi.com | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainimbalanceposib.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domaindrain.it.com | Quasar RAT botnet C2 domain (confidence level: 75%) | |
domainmoon.sun.win | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainmoon.sunwin.moi | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainmoon.sunwin.sx | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainmoon.sunwinn.earth | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domain7ynnkgq37bjrv.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domain3iss-online.3iss-online.com.br | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domain99idesign.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainafricaexports.click | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainaksafil.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainantoineruiz.it | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainarise.spiderwebzdesign.net | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainaugustoilian.cybercol.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainastrologiahindu.com.br | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainbos.webserver5.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincashazing.dev.prodevr.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincavallotech.de.businessecontact.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainbwpeople-hr40under40-talentworld.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainblog-ecommerce.es | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincammy-freelance.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincalmost-hair.main.jp | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincomocerditos.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincpcontacts.centrocirugiaplastica.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincms.iqwing.live | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaincqgxhzs.net | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaindk-decor.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaindveryuga.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaindyag.brobro.ai | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainedgenroots.net | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainemba.nu.edu.eg | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainelex.codeberry.in | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainerp.bditconsultancy.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainfootballpicksandpredictions.moneymaking-opportunities.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainftp.agrigentotourist.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainfoxfinancas.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaingia5.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainglassiker.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaingomygo.kusherp.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainhitokara-kishin.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaingdckupwara.edu.in | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainhorodniany.pl | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainjadd.draftus.net | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domaininterstate.myinvestment.properties | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainkastechnologies.net | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainlafabri-k.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainkrasnoyarsk.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainkurgan.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.agence-immobiliere-lyon.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.astrologiahindu.com.br | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.e1staffingandrecruiting.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.intstyle.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.lacasadeltexu.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.mamahdannirwana.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.nmreitgroup.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.msabinew.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmail.wetooktheplunge.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmh-test.meldingen.woweb.app | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmefixscreen.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainmaryamshop02.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainnettrade.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainnewday-gt.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainnoginsk.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainonestopmortgageconsultants.co.uk | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainnieuwenhuys.rooza.nl | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainnoinauruou.cokhiviendong.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainprovedores.supraterra.ddsis.com.mx | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainquko.software | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainprontoenterprise.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainresidencial-granpremiere.com.br | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainryazan.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainpmb-dev.uid.ac.id | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsevastopol.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainroyal-grey.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainscottstreetpharmacy.arshad.co.za | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domainsmtp.bldg-envelope.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| sochi.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| sosnovuybor.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| test.lutherankifuru.org | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| test1.myohworld.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| test3.kusherp.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| taclass.jp | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| systemkitchen-55ga11.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| tpi.nolansallai.ch | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| uapasia.lwsdevteam.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| tver.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| tyumen.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| unitiqs.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| ushealth.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| tsp-mmed.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| vladikavkaz.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| website-728196dc.nhlnw.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| website-c6cf450a.qni.vfh.mybluehost.me | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| website-8493861c.krp.ivk.mybluehost.me | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| wifi.3squared360.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| wa-ke-a-ri.org | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| website-4af578db.lajordanbulldogs.org | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| zlab.criptocontrol.com.br | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| wp.unocode.dev | Unknown Stealer payload delivery domain (confidence level: 100%) | |
| ddy.yago.fun | Vidar botnet C2 domain (confidence level: 100%) | |
| elevor.mobilefoundationrepair.com | Vidar botnet C2 domain (confidence level: 100%) | |
| we.isecure.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
| the-banned.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
| moon.drain.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
| t9vdmkdro.localto.net | SpyNote botnet C2 domain (confidence level: 100%) | |
| pototooqalal.com | ClearFake payload delivery domain (confidence level: 100%) | |
| captioto.com | ClearFake payload delivery domain (confidence level: 100%) | |
| agosto202508blessed.dynuddns.com | Remcos botnet C2 domain (confidence level: 75%) | |
IP:port
| Value | Description |
|---|---|
| 45.141.215.60:443 | Unknown Stealer botnet C2 server (confidence level: 100%) |
| 109.172.91.23:443 | Remcos botnet C2 server (confidence level: 100%) |
| 165.245.129.3:81 | Mirai botnet C2 server (confidence level: 80%) |
| 138.124.79.35:80 | Stealc botnet C2 server (confidence level: 100%) |
| 81.71.82.54:10086 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 198.23.177.214:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 45.93.20.159:443 | Sliver botnet C2 server (confidence level: 100%) |
| 105.157.55.3:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 185.196.11.163:5555 | Unknown malware botnet C2 server (confidence level: 100%) |
| 206.189.39.125:8888 | Meterpreter botnet C2 server (confidence level: 100%) |
| 188.166.59.151:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 89.125.48.195:80 | Stealc botnet C2 server (confidence level: 100%) |
| 159.198.75.187:80 | Stealc botnet C2 server (confidence level: 100%) |
| 23.235.146.5:13530 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 112.124.32.100:18444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 164.68.120.30:1997 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 213.152.161.52:55990 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 5.59.249.142:80 | MooBot botnet C2 server (confidence level: 100%) |
| 199.101.111.193:3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 199.101.111.192:3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 5.189.132.160:3 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 79.134.225.18:3371 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 77.110.102.149:80 | Stealc botnet C2 server (confidence level: 100%) |
| 116.62.189.232:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 114.55.13.17:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 198.23.177.210:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 172.111.213.112:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 47.109.33.245:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
| 95.9.236.229:2001 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 35.92.162.80:80 | Havoc botnet C2 server (confidence level: 100%) |
| 192.162.70.172:443 | BitRAT botnet C2 server (confidence level: 100%) |
| 103.177.47.26:3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 139.155.247.44:60055 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 116.31.165.25:36150 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 139.84.226.162:8443 | BianLian botnet C2 server (confidence level: 75%) |
| 144.31.224.224:443 | DanaBot botnet C2 server (confidence level: 75%) |
| 3.33.138.70:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 183.90.187.139:5178 | N-W0rm botnet C2 server (confidence level: 100%) |
| 77.42.48.196:443 | Vidar botnet C2 server (confidence level: 100%) |
| 195.201.47.94:443 | Vidar botnet C2 server (confidence level: 100%) |
| 192.177.26.99:443 | Vidar botnet C2 server (confidence level: 100%) |
| 138.226.237.208:443 | Vidar botnet C2 server (confidence level: 100%) |
| 77.42.48.198:443 | Vidar botnet C2 server (confidence level: 100%) |
| 138.226.237.209:443 | Vidar botnet C2 server (confidence level: 100%) |
| 77.42.48.193:443 | Vidar botnet C2 server (confidence level: 100%) |
| 77.42.49.41:443 | Vidar botnet C2 server (confidence level: 100%) |
| 77.42.48.192:443 | Vidar botnet C2 server (confidence level: 100%) |
| 77.42.48.194:443 | Vidar botnet C2 server (confidence level: 100%) |
| 138.226.237.210:443 | Vidar botnet C2 server (confidence level: 100%) |
| 93.127.136.237:18585 | Unknown malware botnet C2 server (confidence level: 75%) |
| 47.104.73.36:8443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 129.211.190.226:2086 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.97.31.229:4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 217.216.32.194:8080 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 67.210.97.27:6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 34.134.226.76:10443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 63.180.100.205:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.43.191.41:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 81.8.96.196:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.75.139.6:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 159.69.218.82:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 104.168.94.108:20080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 154.244.253.161:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 147.124.219.46:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 185.68.21.77:8888 | DCRat botnet C2 server (confidence level: 100%) |
| 3.84.179.12:2455 | Meterpreter botnet C2 server (confidence level: 100%) |
| 47.83.130.138:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 47.83.130.138:8888 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 161.248.179.38:6666 | NjRAT botnet C2 server (confidence level: 66%) |
| 130.12.180.43:80 | Amadey botnet C2 server (confidence level: 100%) |
| 45.9.148.181:7704 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
| 165.22.57.198:8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.94.151.178:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 161.97.95.77:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 208.123.119.237:17162 | Sliver botnet C2 server (confidence level: 100%) |
| 102.117.169.30:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 207.246.125.36:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.12.254.190:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 102.98.112.71:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 15.160.67.9:47001 | Meterpreter botnet C2 server (confidence level: 100%) |
| 54.198.28.136:1961 | Meterpreter botnet C2 server (confidence level: 100%) |
| 54.198.28.136:40911 | Meterpreter botnet C2 server (confidence level: 100%) |
| 13.40.7.202:51686 | Meterpreter botnet C2 server (confidence level: 100%) |
| 193.34.69.245:666 | XWorm botnet C2 server (confidence level: 100%) |
| 193.34.69.245:443 | XWorm botnet C2 server (confidence level: 100%) |
| 185.196.8.252:2430 | Remcos botnet C2 server (confidence level: 100%) |
| 184.174.20.230:4449 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 185.246.220.123:4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 109.111.167.229:1912 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 156.247.40.163:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 156.247.40.163:8888 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 185.253.45.68:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 208.123.119.237:443 | Sliver botnet C2 server (confidence level: 75%) |
| 213.232.235.77:8443 | Havoc botnet C2 server (confidence level: 75%) |
| 217.216.32.194:2096 | DCRat botnet C2 server (confidence level: 75%) |
| 52.223.20.135:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 52.223.38.68:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 74.62.163.29:80 | BianLian botnet C2 server (confidence level: 75%) |
| 121.4.92.72:5000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 158.247.239.180:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 158.94.210.195:2405 | Remcos botnet C2 server (confidence level: 100%) |
| 104.250.169.110:5671 | Remcos botnet C2 server (confidence level: 100%) |
| 38.29.212.164:8080 | Sliver botnet C2 server (confidence level: 100%) |
| 54.145.56.188:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 82.115.6.29:1080 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 45.61.157.210:1717 | Crimson RAT botnet C2 server (confidence level: 100%) |
| 13.223.172.177:80 | Nimplant botnet C2 server (confidence level: 100%) |
| 130.12.182.211:808 | Kaiji botnet C2 server (confidence level: 100%) |
| 43.201.31.91:55615 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3.137.177.198:44292 | Meterpreter botnet C2 server (confidence level: 100%) |
| 16.62.60.254:56116 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3.147.36.86:5655 | Meterpreter botnet C2 server (confidence level: 100%) |
| 13.58.205.152:6699 | Meterpreter botnet C2 server (confidence level: 100%) |
| 15.160.67.9:8001 | Meterpreter botnet C2 server (confidence level: 100%) |
| 51.44.82.163:10443 | Meterpreter botnet C2 server (confidence level: 100%) |
| 13.61.143.40:8089 | Meterpreter botnet C2 server (confidence level: 100%) |
| 16.176.202.160:443 | Meterpreter botnet C2 server (confidence level: 100%) |
| 18.169.188.242:2082 | Meterpreter botnet C2 server (confidence level: 100%) |
| 45.83.31.58:2520 | Remcos botnet C2 server (confidence level: 100%) |
| 46.38.238.27:443 | Sliver botnet C2 server (confidence level: 90%) |
| 3.65.34.6:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 77.110.102.45:443 | Hook botnet C2 server (confidence level: 100%) |
| 8.130.14.229:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.203.219.44:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.166.65.146:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.127.221.134:4444 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.15.174.84:8080 | Unknown malware botnet C2 server (confidence level: 100%) |
| 196.251.107.104:1912 | RedLine Stealer botnet C2 server (confidence level: 75%) |
Url
| Value | Description |
|---|---|
| https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/23phys-step2-det-sim/asset-mgr11 | ClearFake payload delivery URL (confidence level: 100%) |
| https://mebelinki.ru/xamster.html | Unknown malware payload delivery URL (confidence level: 90%) |
| https://kinugort.ru/xhamster.html | Unknown malware payload delivery URL (confidence level: 90%) |
| http://astrologickeconoablos.cc:8080/updater?for=e0cd6a53d52a08539a9787e388ff1d3b | Unknown malware botnet C2 (confidence level: 100%) |
| http://172.86.66.132 | Stealc botnet C2 (confidence level: 100%) |
| http://159.198.75.187 | Stealc botnet C2 (confidence level: 100%) |
| https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare | ClearFake payload delivery URL (confidence level: 100%) |
| https://www.appleslicesllc.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://118.31.168.221:80/iqqr | Cobalt Strike botnet C2 (confidence level: 75%) |
| https://medhrrst.com/1h6f.js | KongTuke payload delivery URL (confidence level: 100%) |
| https://medhrrst.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
| http://139.155.247.44:60055/ht7j | Cobalt Strike botnet C2 (confidence level: 75%) |
| https://stm.agfoodpos.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://tenoro.mobilefoundationrepair.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://hrm.yago.fun/ | Vidar botnet C2 (confidence level: 100%) |
| https://77.42.48.196/ | Vidar botnet C2 (confidence level: 100%) |
| https://195.201.47.94/ | Vidar botnet C2 (confidence level: 100%) |
| https://192.177.26.99/ | Vidar botnet C2 (confidence level: 100%) |
| https://138.226.237.208/ | Vidar botnet C2 (confidence level: 100%) |
| https://77.42.48.198/ | Vidar botnet C2 (confidence level: 100%) |
| https://138.226.237.209/ | Vidar botnet C2 (confidence level: 100%) |
| https://77.42.48.193/ | Vidar botnet C2 (confidence level: 100%) |
| https://77.42.49.41/ | Vidar botnet C2 (confidence level: 100%) |
| https://77.42.48.192/ | Vidar botnet C2 (confidence level: 100%) |
| https://77.42.48.194/ | Vidar botnet C2 (confidence level: 100%) |
| https://138.226.237.210/ | Vidar botnet C2 (confidence level: 100%) |
| http://89.223.95.83:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
| http://101.200.86.142:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
| http://77.110.102.149 | Stealc botnet C2 (confidence level: 100%) |
| https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/done | ClearFake payload delivery URL (confidence level: 100%) |
| https://winnheiser.com/5f3s.js | KongTuke payload delivery URL (confidence level: 100%) |
| https://winnheiser.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
| https://imbalanceposib.com/logout/profile-bundle.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://imbalanceposib.com/logout/public-fetch.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| http://79.141.160.151/token | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://lightspreme.com/token | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://79.141.160.151/proxy | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://prospectorplumbing.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://ddy.yago.fun/ | Vidar botnet C2 (confidence level: 100%) |
| https://elevor.mobilefoundationrepair.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://lacevcnt.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
| https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/strm-asset-cache28/scene | ClearFake payload delivery URL (confidence level: 100%) |
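The tables above are raw data; the following is an added example, not part of the ThreatFox feed or of this page, showing one way to put them to work: parse rows in the page's own `| value | description (confidence level: N%) |` format, drop entries below a confidence threshold, and match the rest against DNS and proxy log lines. The feed excerpt reuses six indicators from this page; the log lines and their `<timestamp> <source> DNS query|CONNECT|GET ...` layout are constructed for the example, and `parse_feed`, `IocMatcher` and `scan_logs` are names chosen here, not ThreatFox API.

```python
"""Added example: turn ThreatFox-style IOC rows into a matcher for DNS/proxy logs."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed excerpt in the page's own row format (six of the indicators listed above).
SAMPLE_FEED = """\
| sochi.logomebel.ru | Unknown Stealer payload delivery domain (confidence level: 100%) |
| the-banned.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| 139.155.247.44:60055 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 161.248.179.38:6666 | NjRAT botnet C2 server (confidence level: 66%) |
| https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare | ClearFake payload delivery URL (confidence level: 100%) |
| https://lacevcnt.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
"""

# Constructed log lines; the "<ts> <src> DNS query|CONNECT|GET ..." layout is invented here.
LOG_LINES = [
    "2026-01-21T10:00:01Z 10.0.0.5 DNS query sochi.logomebel.ru",
    "2026-01-21T10:00:02Z 10.0.0.7 CONNECT 139.155.247.44:60055",
    "2026-01-21T10:00:03Z 10.0.0.9 GET https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare",
    "2026-01-21T10:00:04Z 10.0.0.9 GET https://cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js",
    "2026-01-21T10:00:05Z 10.0.0.3 DNS query ply.gg",
    "2026-01-21T10:00:06Z 10.0.0.3 CONNECT 139.155.247.44:443",
    "2026-01-21T10:00:07Z 10.0.0.4 CONNECT 161.248.179.38:6666",
    "2026-01-21T10:00:08Z 10.0.0.8 DNS query cdn.the-banned.gl.at.ply.gg",
]

ROW_RE = re.compile(r"^\|?\s*(?P<value>\S+)\s*\|\s*(?P<desc>.+?)\s*\(confidence level:\s*(?P<conf>\d+)%\)")
IPPORT_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")


@dataclass(frozen=True)
class Ioc:
    kind: str          # "domain", "ip_port" or "url"
    value: str
    description: str
    confidence: int


def parse_feed(text, min_confidence=75):
    """Parse `| value | description (confidence level: N%) |` rows; drop low-confidence ones."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or int(m["conf"]) < min_confidence:
            continue
        value = m["value"]
        if value.startswith(("http://", "https://")):
            kind = "url"
        elif IPPORT_RE.match(value):
            kind = "ip_port"
        else:
            kind, value = "domain", value.lower().rstrip(".")
        iocs.append(Ioc(kind, value, m["desc"], int(m["conf"])))
    return iocs


def norm_url(url):
    """scheme://host/path with host case-folded. The query string is dropped on the
    assumption that tokens like the `for=` parameter on the feed's `updater` URL vary per victim."""
    p = urlsplit(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}"


class IocMatcher:
    def __init__(self, iocs):
        self.domains = {i.value: i for i in iocs if i.kind == "domain"}
        self.ip_ports = {i.value: i for i in iocs if i.kind == "ip_port"}
        self.urls = {norm_url(i.value): i for i in iocs if i.kind == "url"}

    def match_domain(self, fqdn):
        # A hit is the indicator itself or a label underneath it, never a parent zone:
        # ply.gg, mybluehost.me or localto.net are shared and must not match just
        # because one subdomain of theirs is listed.
        labels = fqdn.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            hit = self.domains.get(".".join(labels[i:]))
            if hit:
                return hit
        return None

    def match_ip_port(self, ip, port):
        # Exact ip:port. The feed lists one IP on several ports (47.83.130.138:6666
        # and :8888) and a bare-IP match on cloud address space would be far too noisy.
        return self.ip_ports.get(f"{ip}:{port}")

    def match_url(self, url):
        return self.urls.get(norm_url(url))


def scan_logs(lines, matcher):
    """Return (line_index, ioc) for every constructed log line that hits an indicator."""
    hits = []
    for n, line in enumerate(lines):
        event = line.split(maxsplit=2)[2]      # strip timestamp and source address
        ioc = None
        if event.startswith("DNS query "):
            ioc = matcher.match_domain(event[len("DNS query "):])
        elif event.startswith("CONNECT "):
            ip, _, port = event[len("CONNECT "):].rpartition(":")
            ioc = matcher.match_ip_port(ip, port)
        elif event.startswith("GET "):
            url = event[len("GET "):]
            # Full-URL match first (a shared CDN host is only bad for a specific path),
            # then the host alone against the domain list.
            ioc = matcher.match_url(url) or matcher.match_domain(urlsplit(url).hostname or "")
        if ioc:
            hits.append((n, ioc))
    return hits


if __name__ == "__main__":
    matcher = IocMatcher(parse_feed(SAMPLE_FEED))
    for n, ioc in scan_logs(LOG_LINES, matcher):
        print(f"line {n}: {ioc.kind} {ioc.value} -> {ioc.description} ({ioc.confidence}%)")
```

With the default threshold of 75% the NjRAT entry at 66% is never loaded, so the connection to 161.248.179.38:6666 is not flagged; lowering `min_confidence` to 0 flags it. The three matching rules encode the caveats this feed needs: domain matching only walks down from an indicator, so a query for `ply.gg` or `mybluehost.me` is not a hit even though subdomains of both appear above; ip:port is matched exactly, since the same address is listed on different ports and much of the Meterpreter and Cobalt Strike set sits in cloud address space that is reassigned quickly; and the jsdelivr entries are matched by full URL path, because blocking `cdn.jsdelivr.net` as a domain would break unrelated sites.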
Threat ID: 69716d324623b1157cf762b5
Added to database: 1/22/2026, 12:20:02 AM
Last enriched: 1/22/2026, 12:20:18 AM
Last updated: 2/7/2026, 2:33:34 PM