
ThreatFox IOCs for 2026-02-03

Severity: Medium
Published: Tue Feb 03 2026 (02/03/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
(The vendor and product fields are the portal's rendering of the MISP tag type:osint on the event; no vendor or product is affected.)

Description

ThreatFox IOCs for 2026-02-03

AI-Powered Analysis (last updated: 02/04/2026, 00:14:39 UTC)

Technical Analysis

This entry is the ThreatFox daily IOC bundle for 2026-02-03 as republished through the ThreatFox MISP feed. It is an indicator set, not a vulnerability record: there is no affected product, CVE or CWE, and the "type / osint" vendor and product labels are the portal's rendering of the MISP tag type:osint on the event, not a description of OSINT techniques. Two classes of indicator are present. The first is command-and-control endpoints, each a ThreatFox ip:port pair attributed to a malware family with a confidence level; the portal rendered every pair as a "File" row holding the IP and a "Hash" row holding the port, so the two columns have to be rejoined in order before the data is usable. The second is payload hashes, published as SHA-1, SHA-256 and MD5 triples per sample at 95% confidence. Families represented include commodity RATs and stealers (Remcos, XWorm, AsyncRAT, NjRAT, Quasar RAT, DCRat, ValleyRAT, Ghost RAT, XenoRAT, Nanocore RAT, SwaetRAT, Stealc, Vidar, RedLine Stealer, SalatStealer, StrelaStealer, Formbook, troystealer, PXA Stealer, MASS Logger, KrakenKeylogger), loaders and crypters (SmokeLoader, MintsLoader, GUIDLOADER, DarkTortilla), post-exploitation and C2 frameworks (Cobalt Strike, Meterpreter, Havoc, Sliver, AdaptixC2, DeimosC2, Empire, VShell), IoT botnets (Mirai, MooBot), the Android RAT SpyNote, the proxy malware Socks5 Systemz and GhostSocks, and a coinminer. The MISP event fields decode as threat level 2 (Medium), analysis 1 (Ongoing) and distribution 3 (All communities); the event is tagged TLP:WHITE and may be shared without restriction. Patch and exploit-in-the-wild status do not apply to a feed of this kind: its value lies in detection and retro-hunting, not in remediating a flaw.

Potential Impact

Matches against this feed indicate compromise, not exposure: a host connecting to one of the listed ip:port endpoints is beaconing to live C2 infrastructure, and a file matching one of the hashes is a malware payload already on disk. The family determines the blast radius. Stealers (Stealc, Vidar, RedLine Stealer, SalatStealer, StrelaStealer, Formbook, troystealer, PXA Stealer) mean credentials, cookies and session tokens have probably already left the host, so a hit implies account-takeover risk beyond the infected machine. RATs (Remcos, XWorm, AsyncRAT, NjRAT, Quasar RAT, DCRat, ValleyRAT, Ghost RAT, XenoRAT, and SpyNote on Android) give an operator interactive control. Cobalt Strike, Meterpreter, Havoc, Sliver, AdaptixC2, DeimosC2, Empire and VShell servers are typical of hands-on-keyboard intrusions, although a share of these listings, particularly the 75% confidence entries and the Meterpreter servers on port 3790 (the default port of the Metasploit Pro web interface), may be penetration-testing or research infrastructure found by scanning rather than criminal campaigns. Mirai and MooBot endpoints point to compromised IoT or edge devices, and Socks5 Systemz and GhostSocks to hosts being resold as residential proxies. The medium rating reflects that the feed itself creates no new risk and most indicators belong to opportunistic commodity campaigns; the severity of any individual confirmed match is high. Nothing in the data is specific to Europe; European organisations are exposed to the same degree as any other internet-connected network.

Mitigation Recommendations

Ingest the indicators at the granularity ThreatFox publishes them. The C2 entries are ip:port pairs: alert and block on the pair rather than on the bare IP, because several addresses sit on shared hosting or cloud ranges and the same IP recurs with different ports or confidence levels (123.56.226.71, 51.79.251.70 and 45.56.68.27 each appear twice in this bundle). Retro-hunt the pairs across firewall, proxy, NetFlow and Zeek connection logs for at least the week around 2026-02-03, since C2 servers are usually active before they are reported. Load the SHA-256 values into EDR block and hunt lists and query historical hash telemetry with all three digests, normalising case, because agents report hashes inconsistently. Treat the 50% and 75% confidence entries as hunting leads that need corroboration rather than automatic block rules, and expect some Cobalt Strike, Meterpreter and Havoc listings to be red-team or research hosts. A confirmed hit is an incident: capture process and network state on the host before isolating it so the implant can be identified, then isolate; for stealer families also reset the user's passwords and revoke browser sessions, API tokens and cloud credentials reachable from that host. There is nothing to patch. The durable controls are egress filtering that denies direct outbound connections on arbitrary ports (beacons to 3790, 6666, 37215 or 56001 should never leave the network) and segmentation that limits lateral movement once a RAT is present. Report confirmed sightings back to ThreatFox or your national CSIRT so confidence levels and coverage improve.
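The following is an added example, not code from ThreatFox, abuse.ch or the portal that rendered this page. It shows the two steps the analysis and the mitigation text call for: rejoining the ip:port pairs the portal split into "file" and "hash" rows (typing the genuine hashes by length), then hunting the result over connection logs and an endpoint hash inventory at ip:port granularity, with a weaker "IP only" tier for destinations that match the address but not the port. The indicator values are copied from this page; the Zeek-style log lines, file paths and the placeholder SHA-256 are constructed for the demo. An IP whose port row is missing (the page is cut off before the last ports) is kept as a bare-IP indicator rather than dropped.

```python
# Added example: rejoin flattened ThreatFox rows into typed IOCs and hunt for them.
# The portal renders each ip:port indicator as a "file<ip>" row and a "hash<port>"
# row with the same description, in the same order, and real payload hashes
# also land under "hash". Rows below are copied from the page; the last IP has
# no port row, mimicking the cut-off tail of the page (constructed input).
import ipaddress
import re
from collections import namedtuple

FLATTENED_ROWS = [
    ("file150.241.83.5", "Stealc botnet C2 server (confidence level: 100%)"),
    ("file104.248.130.195", "NjRAT botnet C2 server (confidence level: 99%)"),
    ("file81.70.102.138", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("file112.213.106.52", "ValleyRAT botnet C2 server (confidence level: 100%)"),
    ("hash80", "Stealc botnet C2 server (confidence level: 100%)"),
    ("hash7491", "NjRAT botnet C2 server (confidence level: 99%)"),
    ("hash9999", "Cobalt Strike botnet C2 server (confidence level: 100%)"),
    ("hash2d3769a8db9e187765c690c6070c9a37343f31e0", "ValleyRAT payload (confidence level: 95%)"),
    ("hash6a25cf8ca25379e296985987ab0836301ee6e255868ef013276ba8e360cceb33", "ValleyRAT payload (confidence level: 95%)"),
    ("hash662b5ce37b3e1f271dc24973a0c4fc4f", "ValleyRAT payload (confidence level: 95%)"),
]

Ioc = namedtuple("Ioc", "kind value family confidence")  # kind: ip:port, ip, md5, sha1, sha256
DESC_RE = re.compile(r"^(?P<family>.+?) (?:botnet C2 server|payload) \(confidence level: (?P<conf>\d+)%\)$")
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}  # digest length -> type
HEX = set("0123456789abcdef")


def parse_rows(rows):
    """IP rows are paired with port rows by position and cross-checked on family and
    confidence; IPs left without a port row are kept as bare-IP indicators."""
    ips, ports, hashes = [], [], []
    for raw, desc in rows:
        m = DESC_RE.match(desc)
        if not m:
            raise ValueError(f"unexpected description: {desc!r}")
        family, conf = m["family"], int(m["conf"])
        if raw.startswith("file"):
            ips.append((str(ipaddress.ip_address(raw[4:])), family, conf))  # validates the address
        elif raw.startswith("hash"):
            v = raw[4:].lower()
            if len(v) in HASH_KIND and set(v) <= HEX:
                hashes.append(Ioc(HASH_KIND[len(v)], v, family, conf))
            elif v.isdigit() and 0 < int(v) < 65536:
                ports.append((int(v), family, conf))
            else:
                raise ValueError(f"unrecognised hash/port value: {v!r}")
        else:
            raise ValueError(f"unrecognised row: {raw!r}")
    iocs = []
    for (ip, fam, conf), (port, pfam, pconf) in zip(ips, ports):
        if (fam, conf) != (pfam, pconf):
            raise ValueError(f"ip/port rows out of sync at {ip}:{port}")
        iocs.append(Ioc("ip:port", f"{ip}:{port}", fam, conf))
    iocs += [Ioc("ip", ip, fam, conf) for ip, fam, conf in ips[len(ports):]]  # cut-off tail
    return iocs + hashes


# Constructed Zeek conn.log-style records: ts, orig_h, orig_p, resp_h, resp_p, proto.
SAMPLE_CONN_LOG = """\
1770163400.1\t10.20.0.15\t51234\t150.241.83.5\t80\ttcp
1770163401.2\t10.20.0.15\t51235\t150.241.83.5\t443\ttcp
1770163402.3\t10.20.0.22\t40011\t81.70.102.138\t9999\ttcp
1770163403.4\t10.20.0.30\t40012\t192.0.2.10\t443\ttcp
"""

# Constructed EDR inventory: path -> SHA-256, upper case as many agents report it.
SAMPLE_FILE_HASHES = {
    r"C:\Users\alice\AppData\Local\Temp\update.exe": "6A25CF8CA25379E296985987AB0836301EE6E255868EF013276BA8E360CCEB33",
    r"C:\Windows\System32\notepad.exe": "00" * 32,  # placeholder digest, not a real hash
}


def hunt_connections(conn_log, iocs, min_confidence=75):
    """Exact ip:port matches first; a destination that matches only the IP (other
    port, or a bare-IP indicator) is reported as a separate, weaker tier."""
    exact, by_ip = {}, {}
    for i in iocs:
        if i.confidence < min_confidence:
            continue
        if i.kind == "ip:port":
            exact[i.value] = i
            by_ip.setdefault(i.value.rsplit(":", 1)[0], i)
        elif i.kind == "ip":
            by_ip.setdefault(i.value, i)
    hits = []
    for line in conn_log.splitlines():
        _ts, src, _sport, dst, dport, _proto = line.split("\t")
        key = f"{dst}:{dport}"
        if key in exact:
            hits.append(("exact", src, key, exact[key].family, exact[key].confidence))
        elif dst in by_ip:
            hits.append(("ip-only", src, key, by_ip[dst].family, by_ip[dst].confidence))
    return hits


def hunt_hashes(observed, iocs):
    """Case-insensitive lookup of observed digests against the md5/sha1/sha256 IOCs."""
    index = {i.value: i for i in iocs if i.kind in HASH_KIND.values()}
    return [(path, index[h.lower()].family) for path, h in observed.items() if h.lower() in index]
```

Running `hunt_connections(SAMPLE_CONN_LOG, parse_rows(FLATTENED_ROWS))` on the constructed log yields an exact Stealc hit for 10.20.0.15 on 150.241.83.5:80, an "ip-only" hit for the same host's connection to 150.241.83.5:443, and an exact Cobalt Strike hit for 10.20.0.22; the 192.0.2.10 connection does not match. The two tiers are deliberate: the exact tier is safe to block on, while the ip-only tier is a lead to triage, since the address may host other tenants.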


Technical Details

Threat Level: 2 (MISP threat_level_id 2 = Medium)
Analysis: 1 (MISP analysis 1 = Ongoing)
Distribution: 3 (MISP distribution 3 = All communities)
UUID: c2cef431-4fc3-462d-aa9e-6e9a244a5af6
Original Timestamp: 1770163387 (2026-02-04 00:03:07 UTC)

Indicators of Compromise

The portal split every ThreatFox ip:port indicator into a "File" row holding the IP address and a "Hash" row holding the port, with the same description on both; the two lists are rejoined here in their original order (the malware family and confidence level match pairwise). The page is cut off after the 89th port, so entries 90 to 144 show the IP address only. Payload hashes are grouped per sample: ThreatFox lists each sample as a SHA-1 (40 hex digits), a SHA-256 (64) and an MD5 (32).

C2 servers (ip:port)

1. 150.241.83.5:80 - Stealc botnet C2 server (confidence level: 100%)
2. 104.248.130.195:7491 - NjRAT botnet C2 server (confidence level: 99%)
3. 23.94.252.101:7004 - XWorm botnet C2 server (confidence level: 100%)
4. 185.208.156.187:8309 - Remcos botnet C2 server (confidence level: 100%)
5. 192.109.139.158:37171 - Remcos botnet C2 server (confidence level: 100%)
6. 161.248.178.224:2526 - Remcos botnet C2 server (confidence level: 100%)
7. 216.126.225.121:80 - Mirai botnet C2 server (confidence level: 100%)
8. 64.52.80.153:80 - MintsLoader botnet C2 server (confidence level: 50%)
9. 147.185.221.212:40190 - XWorm botnet C2 server (confidence level: 100%)
10. 192.109.200.60:3778 - Mirai botnet C2 server (confidence level: 100%)
11. 107.163.56.249:18530 - Gh0stnet botnet C2 server (confidence level: 100%)
12. 107.163.56.250:18963 - Gh0stnet botnet C2 server (confidence level: 100%)
13. 81.70.102.138:9999 - Cobalt Strike botnet C2 server (confidence level: 100%)
14. 185.241.211.11:2404 - Remcos botnet C2 server (confidence level: 100%)
15. 104.250.169.100:29811 - Remcos botnet C2 server (confidence level: 100%)
16. 192.248.184.13:80 - Unknown malware botnet C2 server (confidence level: 100%)
17. 148.113.55.238:8000 - MimiKatz botnet C2 server (confidence level: 100%)
18. 47.115.175.62:4321 - AdaptixC2 botnet C2 server (confidence level: 100%)
19. 199.101.111.189:3790 - Meterpreter botnet C2 server (confidence level: 100%)
20. 40.176.41.226:49152 - Meterpreter botnet C2 server (confidence level: 100%)
21. 199.101.111.142:3790 - Meterpreter botnet C2 server (confidence level: 100%)
22. 199.101.111.113:3790 - Meterpreter botnet C2 server (confidence level: 100%)
23. 79.137.72.182:1337 - Empire Downloader botnet C2 server (confidence level: 100%)
24. 178.16.53.17:80 - Stealc botnet C2 server (confidence level: 100%)
25. 192.140.176.79:12124 - Cobalt Strike botnet C2 server (confidence level: 75%)
26. 194.59.31.214:443 - Cobalt Strike botnet C2 server (confidence level: 75%)
27. 46.137.227.63:5678 - XWorm botnet C2 server (confidence level: 100%)
28. 213.152.162.69:5580 - Nanocore RAT botnet C2 server (confidence level: 75%)
29. 1.229.183.193:9646 - XenoRAT botnet C2 server (confidence level: 100%)
30. 47.242.248.75:8443 - GobRAT botnet C2 server (confidence level: 100%)
31. 47.83.171.215:8443 - GobRAT botnet C2 server (confidence level: 100%)
32. 164.92.188.212:443 - Havoc botnet C2 server (confidence level: 100%)
33. 45.79.252.31:8080 - Havoc botnet C2 server (confidence level: 100%)
34. 199.101.111.185:3790 - Meterpreter botnet C2 server (confidence level: 100%)
35. 199.101.111.199:3790 - Meterpreter botnet C2 server (confidence level: 100%)
36. 199.101.111.104:3790 - Meterpreter botnet C2 server (confidence level: 100%)
37. 85.198.98.75:443 - SalatStealer botnet C2 server (confidence level: 100%)
38. 194.105.5.194:4782 - Quasar RAT botnet C2 server (confidence level: 75%)
39. 23.133.4.3:6666 - ValleyRAT botnet C2 server (confidence level: 100%)
40. 23.133.4.3:7777 - ValleyRAT botnet C2 server (confidence level: 100%)
41. 197.223.131.83:37215 - Mirai botnet C2 server (confidence level: 100%)
42. 197.216.230.83:37215 - Mirai botnet C2 server (confidence level: 100%)
43. 156.97.95.40:37215 - Mirai botnet C2 server (confidence level: 100%)
44. 197.148.239.82:37215 - Mirai botnet C2 server (confidence level: 100%)
45. 217.138.204.39:59713 - Remcos botnet C2 server (confidence level: 100%)
46. 217.138.204.39:63477 - Remcos botnet C2 server (confidence level: 100%)
47. 197.105.143.39:37215 - Mirai botnet C2 server (confidence level: 100%)
48. 197.40.234.39:37215 - Mirai botnet C2 server (confidence level: 100%)
49. 156.156.188.57:37215 - Mirai botnet C2 server (confidence level: 100%)
50. 123.173.105.71:4567 - Ghost RAT botnet C2 server (confidence level: 100%)
51. 123.56.226.71:443 - Cobalt Strike botnet C2 server (confidence level: 100%)
52. 51.79.251.70:443 - Cobalt Strike botnet C2 server (confidence level: 100%)
53. 149.129.37.105:30002 - Cobalt Strike botnet C2 server (confidence level: 100%)
54. 192.140.161.160:8088 - Cobalt Strike botnet C2 server (confidence level: 100%)
55. 195.88.191.66:80 - Unknown RAT botnet C2 server (confidence level: 100%)
56. 77.90.185.30:8888 - Unknown malware botnet C2 server (confidence level: 100%)
57. 185.202.239.150:7443 - Unknown malware botnet C2 server (confidence level: 100%)
58. 103.177.47.157:3790 - Meterpreter botnet C2 server (confidence level: 100%)
59. 103.177.47.173:3790 - Meterpreter botnet C2 server (confidence level: 100%)
60. 58.244.40.231:10001 - Meterpreter botnet C2 server (confidence level: 100%)
61. 103.177.47.190:3790 - Meterpreter botnet C2 server (confidence level: 100%)
62. 103.177.46.55:3790 - Meterpreter botnet C2 server (confidence level: 100%)
63. 40.192.110.129:2787 - Meterpreter botnet C2 server (confidence level: 100%)
64. 103.177.47.188:3790 - Meterpreter botnet C2 server (confidence level: 100%)
65. 103.177.47.184:3790 - Meterpreter botnet C2 server (confidence level: 100%)
66. 91.215.85.116:433 - Remcos botnet C2 server (confidence level: 75%)
67. 123.56.226.71:80 - Cobalt Strike botnet C2 server (confidence level: 100%)
68. 38.14.194.14:8081 - Cobalt Strike botnet C2 server (confidence level: 100%)
69. 64.40.154.72:56001 - PXA Stealer botnet C2 server (confidence level: 100%)
70. 140.179.46.209:443 - DeimosC2 botnet C2 server (confidence level: 75%)
71. 54.223.153.157:443 - DeimosC2 botnet C2 server (confidence level: 75%)
72. 39.109.116.99:4431 - Ghost RAT botnet C2 server (confidence level: 100%)
73. 45.125.12.193:7777 - Ghost RAT botnet C2 server (confidence level: 100%)
74. 47.84.192.58:6666 - Ghost RAT botnet C2 server (confidence level: 100%)
75. 47.236.25.25:8002 - Ghost RAT botnet C2 server (confidence level: 100%)
76. 47.236.30.178:9999 - Ghost RAT botnet C2 server (confidence level: 100%)
77. 47.236.36.201:6666 - Ghost RAT botnet C2 server (confidence level: 100%)
78. 47.236.232.206:8006 - Ghost RAT botnet C2 server (confidence level: 100%)
79. 82.156.3.214:6666 - Ghost RAT botnet C2 server (confidence level: 100%)
80. 103.39.210.36:8087 - Ghost RAT botnet C2 server (confidence level: 100%)
81. 115.190.205.255:6666 - Ghost RAT botnet C2 server (confidence level: 100%)
82. 121.127.253.202:8086 - Ghost RAT botnet C2 server (confidence level: 100%)
83. 45.137.22.233:55615 - RedLine Stealer botnet C2 server (confidence level: 100%)
84. 102.117.172.91:7443 - Unknown malware botnet C2 server (confidence level: 100%)
85. 98.93.238.205:443 - Havoc botnet C2 server (confidence level: 100%)
86. 166.88.99.211:8848 - DCRat botnet C2 server (confidence level: 100%)
87. 193.161.193.99:39469 - NjRAT botnet C2 server (confidence level: 100%)
88. 27.124.45.26:9090 - ValleyRAT botnet C2 server (confidence level: 100%)
89. 202.95.6.158:443 - Cobalt Strike botnet C2 server (confidence level: 100%)

C2 servers (IP only; the port rows for these entries are missing from the extracted page)

90. 192.109.139.158 - Remcos botnet C2 server (confidence level: 100%)
91. 43.139.226.160 - Sliver botnet C2 server (confidence level: 100%)
92. 45.150.34.162 - DCRat botnet C2 server (confidence level: 100%)
93. 139.199.160.80 - AdaptixC2 botnet C2 server (confidence level: 100%)
94. 18.229.159.26 - Meterpreter botnet C2 server (confidence level: 100%)
95. 44.204.50.56 - Meterpreter botnet C2 server (confidence level: 100%)
96. 13.57.15.213 - Meterpreter botnet C2 server (confidence level: 100%)
97. 107.21.146.177 - Meterpreter botnet C2 server (confidence level: 100%)
98. 35.183.106.195 - Meterpreter botnet C2 server (confidence level: 100%)
99. 176.65.144.253 - SpyNote botnet C2 server (confidence level: 100%)
100. 20.246.105.74 - SpyNote botnet C2 server (confidence level: 100%)
101. 172.203.250.171 - SpyNote botnet C2 server (confidence level: 100%)
102. 192.236.154.155 - Meterpreter botnet C2 server (confidence level: 75%)
103. 51.79.251.70 - Cobalt Strike botnet C2 server (confidence level: 75%)
104. 103.101.85.39 - Stealc botnet C2 server (confidence level: 100%)
105. 23.226.58.236 - Cobalt Strike botnet C2 server (confidence level: 100%)
106. 39.105.101.252 - Cobalt Strike botnet C2 server (confidence level: 100%)
107. 3.8.204.222 - Havoc botnet C2 server (confidence level: 100%)
108. 45.150.34.162 - DCRat botnet C2 server (confidence level: 100%)
109. 47.129.255.190 - Meterpreter botnet C2 server (confidence level: 100%)
110. 47.129.255.190 - Meterpreter botnet C2 server (confidence level: 100%)
111. 43.208.75.16 - Meterpreter botnet C2 server (confidence level: 100%)
112. 54.160.156.7 - Empire Downloader botnet C2 server (confidence level: 100%)
113. 156.254.21.227 - ValleyRAT botnet C2 server (confidence level: 100%)
114. 43.161.219.60 - GhostSocks botnet C2 server (confidence level: 100%)
115. 79.137.196.232 - XWorm botnet C2 server (confidence level: 100%)
116. 31.40.204.24 - XWorm botnet C2 server (confidence level: 100%)
117. 158.94.209.160 - XWorm botnet C2 server (confidence level: 100%)
118. 112.213.106.52 - ValleyRAT botnet C2 server (confidence level: 100%)
119. 112.213.106.52 - ValleyRAT botnet C2 server (confidence level: 100%)
120. 112.213.106.52 - ValleyRAT botnet C2 server (confidence level: 100%)
121. 117.85.64.29 - DeimosC2 botnet C2 server (confidence level: 75%)
122. 178.16.53.173 - Eye Pyramid botnet C2 server (confidence level: 75%)
123. 195.158.9.227 - DeimosC2 botnet C2 server (confidence level: 75%)
124. 23.105.196.2 - DeimosC2 botnet C2 server (confidence level: 75%)
125. 41.40.113.25 - NjRAT botnet C2 server (confidence level: 100%)
126. 45.56.68.27 - Havoc botnet C2 server (confidence level: 75%)
127. 62.96.68.69 - DeimosC2 botnet C2 server (confidence level: 75%)
128. 47.92.147.45 - VShell botnet C2 server (confidence level: 100%)
129. 104.143.47.56 - VShell botnet C2 server (confidence level: 100%)
130. 59.110.7.32 - Cobalt Strike botnet C2 server (confidence level: 100%)
131. 23.235.182.111 - Cobalt Strike botnet C2 server (confidence level: 100%)
132. 156.234.94.197 - Cobalt Strike botnet C2 server (confidence level: 100%)
133. 103.106.189.90 - Cobalt Strike botnet C2 server (confidence level: 100%)
134. 47.83.175.95 - GobRAT botnet C2 server (confidence level: 100%)
135. 193.178.170.155 - Remcos botnet C2 server (confidence level: 100%)
136. 102.204.223.155 - Unknown malware botnet C2 server (confidence level: 100%)
137. 167.172.173.18 - Quasar RAT botnet C2 server (confidence level: 100%)
138. 51.20.107.164 - Quasar RAT botnet C2 server (confidence level: 100%)
139. 108.136.118.66 - Meterpreter botnet C2 server (confidence level: 100%)
140. 108.160.131.117 - Unknown malware botnet C2 server (confidence level: 100%)
141. 46.28.71.176 - Cobalt Strike botnet C2 server (confidence level: 100%)
142. 117.72.68.211 - Cobalt Strike botnet C2 server (confidence level: 100%)
143. 45.56.68.27 - Havoc botnet C2 server (confidence level: 100%)
144. 5.59.248.53 - MooBot botnet C2 server (confidence level: 100%)

Payload hashes (one sample per group: SHA-1, SHA-256, MD5)

ValleyRAT payload (confidence level: 95%)
  SHA-1   2d3769a8db9e187765c690c6070c9a37343f31e0
  SHA-256 6a25cf8ca25379e296985987ab0836301ee6e255868ef013276ba8e360cceb33
  MD5     662b5ce37b3e1f271dc24973a0c4fc4f

Formbook payload (confidence level: 95%)
  SHA-1   d8add360140a9ba5355bd6eff68035569b7e3c11
  SHA-256 750d0ef6eaaac00190a10d38493cf765fcb9a9076ecf4d52ca356af4a650585f
  MD5     99c0992338796dc80d99a0fba3797b38

SalatStealer payload (confidence level: 95%)
  SHA-1   a2d94dcdb8797ef93dc1c6ebbaa3271b11f1b225
  SHA-256 6245e67431904902ef9e3e15ab69ea9e77fdf5541b3916ebc7593295bf3bee21
  MD5     07c59ea0d9dfe8f02c9396ed2c2c4e6a

Quasar RAT payload (confidence level: 95%)
  SHA-1   b5b891856155775874600ab9a66cdd54686bac68
  SHA-256 42bee2b9b2885a5acfdbc34921ad07507bee945be5c2852924d39363f6aec018
  MD5     3737dc4aab252d95656a4830cad1eac7

GUIDLOADER payload (confidence level: 95%)
  SHA-1   f4a6f6e327ebaaf133d45c82b89adad0ee4b93f6
  SHA-256 515bbef4ce21e056dc31c85364a95a4d0ae71f18772388b54121e5bcccfe604c
  MD5     5e1d30dcd0e377259a0e68a0e8094c5f

Stealc payload (confidence level: 95%)
  SHA-1   a835875290dda1bc54ccab44c5703bb44a186df5
  SHA-256 c8eb6d4091e97a8135c0a6d0cc5252a6767c81b0fc389b18479c605071f06a58
  MD5     fb0e4782b8c2527a782030b0ebba13f2

Socks5 Systemz payload (confidence level: 95%)
  SHA-1   70a68edce3e3ce9b9634066be4dfe2ef9e9e60cb
  SHA-256 d1e71435f06bfd9fd597c8310db325e7adf17b5597f8badd7c4fdf52470b7bcb
  MD5     f75cf32818d7d5f1e937a8e1641be79e

Vidar payload (confidence level: 95%)
  SHA-1   93360905074f64342dafabda7047c7674188667e
  SHA-256 3b27d463f3148ebc05e007b41b6169aa16bbc560bde0dbdbe64952bd65f8b447
  MD5     6d2f5a35ddeb7d9cbf6e555273a8adc3

AsyncRAT payload (confidence level: 95%)
  SHA-1   62f4b2bdbad4207ecc6202ce327c59b949fe15be
  SHA-256 444dca0bcda9d7e51e4c7cc5b6f9a5659570e8fe7ee4a12b96c7df612aea8cf5
  MD5     393c0c6cfd4efc84619776473d17388b

Remcos payload (confidence level: 95%)
  SHA-1   84d2316f366aedc44d664512f50d960b4b5089d4
  SHA-256 fc3c2a710caa8687d973ac7fbba52d41d4801b5e57cf3044d835416f5f6f937d
  MD5     3ee93313340e329c78df37bbf338c0a2

MASS Logger payload (confidence level: 95%)
  SHA-1   ac002b3d9928eaaa3bf0d408a25e93247f093ec6
  SHA-256 ec40047cc883d67c80601068335be848122b8040429b3503ee4cbae4a3215d02
  MD5     95b66d8ed7f041ea71979d5c727cdca5

DCRat payload (confidence level: 95%)
  SHA-1   ba783b756ff3f997efcdd044e37518def8466b50
  SHA-256 9e2fc40e94812b79eec64dab1bbc821bed2e7bb6475e08a991e942d79be313cf
  MD5     04e293515996a53ddd8896531be7fc68

SalatStealer payload (confidence level: 95%)
  SHA-1   86ed566c45c5209177ff4d174fa27f7f1b605552
  SHA-256 04e4ab0b983a9011303db7fb009d3053280297453de5e3f4cd231ef08476b2c4
  MD5     cbd1abb56425b90d45e7a6badf20f31c

SalatStealer payload (confidence level: 95%)
  SHA-1   4dbcc3b04d186f4d897a2b82f6baa942d0b608c7
  SHA-256 b64d2d8af29d85f7d379f8face0483badd39a9428d87495295bd3160879bae58
  MD5     b9eb4e6a1359ec048322ed53fc4ea920

StrelaStealer payload (confidence level: 95%)
  SHA-1   4893e31dc9c2e64365195e759df7b1965ac5ebfc
  SHA-256 23923939b58632d55784976d9af392d0fe260f7e6f8b92f3e8d2757f79c69e9c
  MD5     3096c748b77bf770177fa2a09192df92

Coinminer payload (confidence level: 95%)
  SHA-1   5e2f0d877737becef9e710281fca4bf2f855c979
  SHA-256 803b90be4767757819d2be13b6d6a36d1af1383495a31a5932cfd50bacb4c717
  MD5     8c3c29cb36b47392edcd52c5aa540a62

troystealer payload (confidence level: 95%)
  SHA-1   6652cf491ed9992eb2f3af23e9641cd987096280
  SHA-256 3b22605244dbace8f0c07c2c599f88c4b831bb07e9998b869a5da2759d27ceec
  MD5     0ef9f39b2685b42c78fc6859498b29bf

SalatStealer payload (confidence level: 95%)
  SHA-1   ffa1d68aadb56ce8e619f3311bd6832ef1861dde
  SHA-256 a52e8ef3634a8303ea3937ebddad4cc062851781c3cd15cd852224e9a3fdf801
  MD5     0c77372f939c3ccba897629cfb3c4260

SalatStealer payload (confidence level: 95%)
  SHA-1   7e18b4062aed11a39897f72b9a1a4e62b9768adc
  SHA-256 eb912f9bb9d6a6aa2d145c982cc1e8c33245b735d993849c034fe6bf409b4f08
  MD5     fcc663cbd99402d200e8606fbe90fdb7

SalatStealer payload (confidence level: 95%)
  SHA-1   382148ae4418ddc3eda4468620f9a24c5a75cb6c
  SHA-256 7533f1fe98a621cc45b7ebe6f19723581b990e4868025d40f3d28a888b24815e
  MD5     d84e79918017cf50461181103b6aeb3a

SalatStealer payload (confidence level: 95%)
  SHA-1   e2696e16eaba446b89b9dd8657b0f9497d36553d
  SHA-256 c5b77d7de8423b4fbac74a07b36853359ca4f7f7c0d55c73ef5c76102c223abb
  MD5     d3a009dc9eace9ce1d90428afcb22980

Coinminer payload (confidence level: 95%)
  SHA-1   5682a3b1dcf04945ceabc54e7c86743b41c4b179
  SHA-256 ddaae439820a0df5411341c2354443fdf010a3ba8640aa78706e7d0386cb1281
  MD5     2bd3ed808e3c3821bafacc9ebc95c51d

Socks5 Systemz payload (confidence level: 95%)
  SHA-1   fd352aae3c3dc6d5cd0443fe83accd2210acf930
  SHA-256 e031af5926d10740e35aec1507d43d560689edbcf2d4bc91175a9fe391d63493
  MD5     2e5579b2dd3166b16b0357e667456b20

KrakenKeylogger payload (confidence level: 95%)
  SHA-1   6ac5cba012cdaad136c867c339daa6a47a3f44ec
  SHA-256 71b2457ddc24360563eb07fe7fac84203c695dcf726d1a1f91028b86f2b9a232
  MD5     56678c91675f27edfcb9a04c6870f1a9

troystealer payload (confidence level: 95%)
  SHA-1   966cd6652df454b473eb99e62b12abf6ffcc8c66
  SHA-256 2859d03275e290dd9870a6e2f0db9d00c3219c766ae57d5b885b118b44d52ab6
  MD5     79001a2413f05451231b20bafc160974

troystealer payload (confidence level: 95%)
  SHA-1   8338359ad0ee947006aaae5a7786ece35ddf919c
  SHA-256 19edf8e473310efee3dcde577c3e76d8f215c1bba6815ffe3952b5001e978c4a
  MD5     6cf21ad08327011f511ec435615abc80

NjRAT payload (confidence level: 95%)
  SHA-1   31f578c8d2d51bc91b7dfe4d663cb0ad079d5869
  SHA-256 d2aa40cc53b40c6e76ac0677c4a54387b3f27ee94c85d9b2c3a3d66aeef92a66
  MD5     f0cfe3559bf988d4477a6ac2bcc6c025

DarkTortilla payload (confidence level: 95%)
  SHA-1   8cb33bd33b3bc6938a7c5f0f0e42928db4fd4c55
  SHA-256 8e428ed7bec47c35783cca6568a6a8f8d5229669d1cce764d30ecac9ff9c28d4
  MD5     ea06fcf8cc00700003b61556d3c23e47

AsyncRAT payload (confidence level: 95%)
  SHA-1   ba4da717a43001f1bc14b204608749dd84d81e3c
  SHA-256 897221ef7bedd400fc45ef4ebdb769c7993836942e77be5c5c34687eaf345bfc
  MD5     1b7be3e24bef996b5e313aedf478815a

Quasar RAT payload (confidence level: 95%)
  SHA-1   607939122d81561cb9f30f2e2597c43fa8429ac6
  SHA-256 e53905be786890e707d3afe844cbb853b3b5db4f52768df923ac867a2659c3b1
  MD5     61e28f4ff02967cb647563eae9d00240

troystealer payload (confidence level: 95%)
  SHA-1   2b43d75bc993fec1d95565e9969396b7b18e2bc2
  SHA-256 65ca5368c87b5c53a24995aa3bb88240abf1766e2fd013ad10756e5006be286c
  MD5     d2803e05ab535bbbd07d270bb773da36

Remcos payload (confidence level: 95%)
  SHA-1   35d399c97200bd5e9164ae609b833c8d57973e20
  SHA-256 8109a0528091c8be7fc71e941604672f1cfba50a020c9b4fce74be6e092764f4
  MD5     3b1c10d10b05b1a5ecac045e9a33528d

troystealer payload (confidence level: 95%)
  SHA-1   82eb07bd7d2563ce6d81316b0c7a05bdea1b9fb7
  SHA-256 53b4317fd9a0cf301121a76a516891ce941588e2b372a82324e36eea5ee3f91e
  MD5     4b06a8ccd7ebba7d2cc1be5c51f73322

troystealer payload (confidence level: 95%)
  SHA-1   70ad4d4d8b030e6b01e79f5c8eaad8ed78224675
  SHA-256 02eb6ea3994a71eb9d32762d30acfc9f2c38e2fd118043154f6223c10760eb37
  MD5     21cdb58878f55efcaea679d6e63cd598

troystealer payload (confidence level: 95%)
  SHA-1   350bbd062928159fd66b9f2b12d5c92e6346e7ec
  SHA-256 f3730bbe90b59245b9b2b89e3832740a2b4af47069a0feca33ea24a2dedf0b30
  MD5     0e8f8276095bbba8b9081cfc2ccb6245

troystealer payload (confidence level: 95%)
  SHA-1   487579dd590ce480b00e313af3a14f8038c10c6a
  SHA-256 a6af4e14a3086a8162a66438071338274f45a88d46a338641370b36f106bd5cf
  MD5     6de2c93b0a790c97e8ebec543be57e5b

troystealer payload (confidence level: 95%)
  SHA-1   5ca76b184c18c4fbfb2b8120d15b944ff7c8f1c3
  SHA-256 8bcaf5c18012ea57704cf548cc1173e10fd713712f4feba765cff7c3de7ca562
  MD5     5c0b20599f478d93669d0f3dbe7b33b2

troystealer payload (confidence level: 95%)
  SHA-1   6f021aeb09169b124b33219412728a7f84a54b75
  SHA-256 82b795d65531b63826ec1fc09e573bf979a504f59d53900080def0664c65c7ca
  MD5     b1279f60a50b5b1be0e980280955c9c5

AsyncRAT payload (confidence level: 95%)
  SHA-1   0d24a68a767b9b9e15cecc8d78825edeb447f097
  SHA-256 0cfa3d1a5a9e9d690c0148510644037d671d81b8f946f6eb84227be5da8e547f
  MD5     46727cbc255133532210441f03729590

AsyncRAT payload (confidence level: 95%)
  SHA-1   e3eb5cec5b797ca57a0d3623be260d8892027edc
  SHA-256 1df915c3b94f07f34bff1999b401d7c94f28f9819f0672f1c4a198ac3988fd85
  MD5     ddeca559be3c17f0836edc0003d39a3f

AsyncRAT payload (confidence level: 95%)
  SHA-1   f6c39866ea865c34f1e905e89363ab214751a0c3
  SHA-256 f329ade7acaccdeba215c1536adae0ba70139cffb3a54bc88aaf5c94c59b80f8
  MD5     b0d14b9122162317819068784713ce4d

AsyncRAT payload (confidence level: 95%)
  SHA-1   5efd595a0ef7ea94805cdb4ac03d6f761c57b13b
  SHA-256 8e38198bcce6cc847a01097346a2f6107e6024f8915a07449a41cd56d6ff5f97
  MD5     481a09d4a6495fbf354a79e80e3fc740

AsyncRAT payload (confidence level: 95%)
  SHA-1   d7cb1ea3e85f287e282a62e024ab793be8ef95f4
  SHA-256 beb5be0886c5ac59c8d5393133817faad4b675fb6f70001d85e973d16240b2da
  MD5     f7fd140d7756246cb6aa6965fbfdf0f6

AsyncRAT payload (confidence level: 95%)
  SHA-1   aa8ed9012bc9da5d3e6c041fc7a0b37d6ac61c1d
  SHA-256 86cb89401b80e923b1d19dffd71fa321dc37eb493663022ad8261912e8057950
  MD5     0c5d42bd2bf429e908af82a9446d6bf5

NjRAT payload (confidence level: 95%)
  SHA-1   63a4d5ca879ee9d9d7ed87ee7b38f49e3b166809
  SHA-256 afcdbc0601ee16277b87a5423f5e66a03c7791c14e2eb191e45153a89a332160
  MD5     fad283c76752fb88c79a07350949941e

NjRAT payload (confidence level: 95%)
  SHA-1   ea0140b3c340e7e9afca92790d400f8621d1287e
  SHA-256 32dfd2da4ddf170fdd60124c4519bd3cfb610f4985a475bae08034b328ea44bc
  MD5     4676a49a8ad43b10839bb6746d6dbfb5

SwaetRAT payload (confidence level: 95%)
  SHA-1   33b81dad0c0b88d47c1c338c0ee745f4db609e1d
  SHA-256 1a02d4a56ef56f7ba31fcc43d55f1a6e1e39104c71d13a54656ac1e680e1ade4
  MD5     197fb96776a16eb20ac52a8ce04211c4

SalatStealer payload (confidence level: 95%)
  SHA-1   59933ad22c7a0dc52f82c8e498f7965334b892ae
  SHA-256 e13c5cb9836c68ff4c9ec90667c7df43c8ed528b52657d2cff58192a558fbfa5
  MD5     d9b21e70d0760151c8bcc53a63e97043

troystealer payload (confidence level: 95%)
  SHA-1   0e1feca3c06bb88bb3b568c1710aaae1def5921b
  SHA-256 b7534f156389d7a9fc56b628ca677bea08a0e6443c9b238f400120ec7c855699
  MD5     c6a255004e9032cc25c1ee9effcfb71d

SalatStealer payload (confidence level: 95%)
  SHA-1   fb25f2a7f30702e1468672fba96364f8a3b2e078
  SHA-256 006622b9cb14dd2dc52f7f52e800f6a4da24330f4102810b86c414f843846752
  MD5     ff30f057f0b05bd446ec9ca783efbe5f

SalatStealer payload (confidence level: 95%)
  SHA-1   6025a377babdd7118842dea7ae34c4c9d4533ff0
  SHA-256 1917e8bd822e538b9a6b57eb528fd6d368c77121393768af6b55fb887fc68704
  MD5     8ef48c5ace837c7eec40b6c59f1fd5f9

SalatStealer payload (confidence level: 95%)
  SHA-1   c3d1a2be343fbb074d614b668754eb6f49934118
  SHA-256 f1dbb997cdececaf2f806b99f0d7ccc29c0fdf48fed7d0af954ec89132f35be1
  MD5     53ba1879e257642116da1cdfa862873e

SmokeLoader payload (confidence level: 95%)
  SHA-1   fef815c368d917956e7ab7d2da760cbcb675857e
  SHA-256 18e3e144123d157ae8903a925d46d1c65c0e1a91ba944775e698d8d5bbaa9a05
  MD5     d1e74039eca8decf9f71a8029e2b1620
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash1234
Sliver botnet C2 server (confidence level: 100%)
hash8888
DCRat botnet C2 server (confidence level: 100%)
hash31310
AdaptixC2 botnet C2 server (confidence level: 100%)
hash4840
Meterpreter botnet C2 server (confidence level: 100%)
hash3517
Meterpreter botnet C2 server (confidence level: 100%)
hash9999
Meterpreter botnet C2 server (confidence level: 100%)
hash1913
Meterpreter botnet C2 server (confidence level: 100%)
hash2083
Meterpreter botnet C2 server (confidence level: 100%)
hash7771
SpyNote botnet C2 server (confidence level: 100%)
hash7772
SpyNote botnet C2 server (confidence level: 100%)
hash8000
SpyNote botnet C2 server (confidence level: 100%)
hash443
Meterpreter botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Stealc botnet C2 server (confidence level: 100%)
hash50912
Cobalt Strike botnet C2 server (confidence level: 100%)
hash18443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash7777
DCRat botnet C2 server (confidence level: 100%)
hash12322
Meterpreter botnet C2 server (confidence level: 100%)
hash37122
Meterpreter botnet C2 server (confidence level: 100%)
hash11101
Meterpreter botnet C2 server (confidence level: 100%)
hash80
Empire Downloader botnet C2 server (confidence level: 100%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash10000
GhostSocks botnet C2 server (confidence level: 100%)
hash6000
XWorm botnet C2 server (confidence level: 100%)
hash2026
XWorm botnet C2 server (confidence level: 100%)
hash5600
XWorm botnet C2 server (confidence level: 100%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash8888
ValleyRAT botnet C2 server (confidence level: 100%)
hash80
ValleyRAT botnet C2 server (confidence level: 100%)
hash10250
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
Eye Pyramid botnet C2 server (confidence level: 75%)
hash9100
DeimosC2 botnet C2 server (confidence level: 75%)
hash2053
DeimosC2 botnet C2 server (confidence level: 75%)
hash3737
NjRAT botnet C2 server (confidence level: 100%)
hash9201
Havoc botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
VShell botnet C2 server (confidence level: 100%)
hash8322
VShell botnet C2 server (confidence level: 100%)
hash8880
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50912
Cobalt Strike botnet C2 server (confidence level: 100%)
hash50912
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
GobRAT botnet C2 server (confidence level: 100%)
hash443
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Quasar RAT botnet C2 server (confidence level: 100%)
hash2375
Meterpreter botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Havoc botnet C2 server (confidence level: 100%)
hash8080
MooBot botnet C2 server (confidence level: 100%)

Domain


Url


Threat ID: 69828f56f9fa50a62fec0b9f

Added to database: 2/4/2026, 12:14:14 AM

Last enriched: 2/4/2026, 12:14:39 AM

Last updated: 2/7/2026, 1:17:07 AM
