
ThreatFox IOCs for 2026-02-06

Severity: Medium
Published: Fri Feb 06 2026 (02/06/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Feed tag: type:osint

Description

ThreatFox IOCs for 2026-02-06

AI-Powered Analysis

Last updated: 02/07/2026, 00:14:33 UTC

Technical Analysis

This ThreatFox event for 2026-02-06 is a daily batch of indicators of compromise (IOCs) from the abuse.ch ThreatFox project, distributed as a MISP feed. It is not a vulnerability record: there is no affected product or version, no CVE or CWE, and nothing to patch. What it carries is infrastructure and artefact data: 121 command-and-control (C2) or payload-delivery servers, each published as an IP address and port pair (a MISP ip-dst|port attribute), two MD5 hashes of unattributed malware payloads, 65 URLs, and a domain list that is cut off on this page after 85 entries. Every attribute carries the reporter's confidence, here between 75% and 100%. The families named are mostly commodity remote-access trojans (Remcos, Quasar RAT, AsyncRAT, XWorm, DCRat, PureRAT, Orcus RAT, NjRAT, Xtreme RAT, Ghost RAT, ValleyRAT, NetSupportManager RAT, SectopRAT), post-exploitation frameworks that are as common in red teams as in real intrusions (Cobalt Strike, Havoc, Sliver, DeimosC2, Meterpreter, Empire), information stealers (Vidar, RedLine, Lumma, Stealc, PureLogs, plus a large block of unattributed stealer delivery sites), IoT botnets (Mirai, Bashlite), the XMRIG miner, two Rhysida entries, and two web-inject delivery chains, KongTuke and SmartApeSG, whose URLs are JavaScript and PHP endpoints on third-party sites. The MISP metadata reads threat level 2 (Medium on MISP's 1 to 4 scale), analysis 1 (Ongoing) and distribution 3 (All communities), so the event is fully shareable and still being updated. The right use of the data is detection and hunting: load the IP:port pairs, URLs, domains and hashes into SIEM, IDS/IPS, proxy and EDR tooling and look for outbound connections, DNS lookups and downloads that match.

Potential Impact

For European organizations the significance of this feed lies in detection, not in a new exposure: nothing here requires patching. The indicators do, however, describe live attacker infrastructure, and that changes how a match should be read. An internal host connecting to one of the listed IP:port pairs (for example a Remcos, AsyncRAT or Cobalt Strike C2) is not an early warning but strong evidence that the host is already compromised and beaconing, which puts the confidentiality and integrity of that endpoint, and of whatever it can reach, at immediate risk. A request to one of the KongTuke or SmartApeSG URLs indicates that a user reached a web-inject delivery chain and may have executed the stage that follows. Hits on the Lumma Stealer .cyou domains or on the unattributed stealer delivery sites point to credential and session-token theft, which frequently precedes account takeover and ransomware intrusions; the Rhysida entries, even at 75% confidence, deserve the urgency of a ransomware precursor. Organizations that do not ingest these indicators lose the chance to catch such activity at the C2 stage, when the intrusion is usually still confined to a few hosts. The Medium rating reflects that the feed itself is intelligence rather than an exposure; an individual match can still warrant full incident-response handling. Two caveats apply. Several addresses sit in shared cloud and CDN space (104.21.76.58 and 172.67.190.80 are Cloudflare anycast addresses), so a bare-IP match there is weak evidence on its own. And many of the "Unknown Stealer payload delivery" hosts are mail, dev and admin subdomains of otherwise ordinary business sites, the pattern of compromised legitimate hosting rather than attacker-registered domains, so they will eventually be cleaned and should be expired rather than blocked forever.

Mitigation Recommendations

European organizations should ingest the ThreatFox MISP feed automatically rather than by hand, and match on what the feed actually publishes: the C2 entries are IP address plus port, so correlate destination IP together with destination port from firewall, NetFlow, Zeek or EDR network telemetry, and treat a bare-IP match inside a cloud or CDN range as low fidelity unless the port, TLS SNI or originating process also fits. Load the URLs and domains into proxy, DNS-firewall and EDR blocklists and alert on DNS resolution as well as on connections, since a lookup of a C2 domain from an endpoint is itself actionable. Search backwards as well as forwards: run the indicators against the last 30 to 90 days of proxy, DNS and connection logs to find beaconing that predates ingestion, paying particular attention to periodic low-volume connections to the listed ports. Weight alerts by the confidence field and expire indicators after a validity window, because compromised legitimate sites in the delivery lists get cleaned and dynamic-DNS (duckdns.org) and CDN addresses change hands. When a match fires, treat the source host as compromised: isolate it, collect memory and persistence artefacts, and pivot on the malware family named in the indicator, since Remcos, AsyncRAT, Cobalt Strike and the others each have well-documented persistence and beacon patterns. Network segmentation and least-privilege accounts limit what a beaconing host can reach in the meantime, user awareness of the fake browser-update and fake verification prompts used by web-inject delivery chains addresses the KongTuke and SmartApeSG side, and sharing confirmed sightings with national CERTs, sector ISACs, or ThreatFox itself improves the feed for everyone.
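Both the technical analysis and the recommendations above come down to one operation: load the feed's rows and correlate them with telemetry. The following Python is an added example written for this page, not code from ThreatFox, abuse.ch or the site hosting this feed. It parses rows in the page's own value / description form (with the IP and port re-paired as ip:port), rejects malformed values such as the feed's 189.666.666.666 URL instead of silently loading them, grades connection hits so that an exact ip:port match ranks above a bare-IP match (and a bare-IP match inside shared CDN space ranks lowest), and turns the high-confidence ip:port entries into Suricata rules. The Zeek conn.log column order, the CONN_LOG lines, and the choice of two Cloudflare prefixes as "shared space" are assumptions made for the example.

```python
"""ThreatFox-style IOC loader and matcher: parse the page's value/description
rows, grade hits against Zeek-style connection records, emit Suricata rules.
Editor's added example, not code from ThreatFox, abuse.ch or this page. Assumed:
ROWS copies a few rows from this feed, CONN_LOG is constructed in Zeek conn.log
column order, SHARED is two of Cloudflare's published IPv4 prefixes."""
import ipaddress
import re
from collections import namedtuple
from urllib.parse import urlsplit

Ioc = namedtuple("Ioc", "kind value family role confidence")  # kind: ip:port|url|domain
DESC_RE = re.compile(r"^(?P<family>.+?) (?P<role>botnet C2|payload delivery)"
                     r"(?: \w+)? \(confidence level: (?P<conf>\d+)%\)$")
IP_PORT_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})$")
SHARED = [ipaddress.ip_network("104.16.0.0/13"), ipaddress.ip_network("172.64.0.0/13")]


def parse_ioc(value, description):
    """One page row -> Ioc; ValueError for a URL host like 189.666.666.666 or a bad port."""
    m = DESC_RE.match(description)
    if not m:
        raise ValueError(f"unrecognised description: {description!r}")
    if "://" in value:
        host = urlsplit(value).hostname or ""
        if re.fullmatch(r"\d+(?:\.\d+)*", host):
            ipaddress.IPv4Address(host)  # rejects invalid numeric hosts
        kind, value = "url", value.rstrip("/")
    elif (ip := IP_PORT_RE.match(value)):
        ipaddress.IPv4Address(ip["ip"])
        if not 0 < int(ip["port"]) < 65536:
            raise ValueError(f"bad port in {value!r}")
        kind = "ip:port"
    else:
        kind, value = "domain", value.lower().rstrip(".")
    return Ioc(kind, value, m["family"], m["role"], int(m["conf"]))


class IocIndex:
    """Index rows the way telemetry is matched; unparsable rows go to .rejected."""
    def __init__(self, rows):
        self.iocs, self.rejected, self.by_ip_port, self.by_ip = [], [], {}, {}
        for value, description in rows:
            try:
                ioc = parse_ioc(value, description)
            except ValueError as exc:
                self.rejected.append((value, str(exc)))
                continue
            self.iocs.append(ioc)
            if ioc.kind == "ip:port":
                ip, port = ioc.value.rsplit(":", 1)
                self.by_ip_port[(ip, int(port))] = ioc
                self.by_ip.setdefault(ip, []).append(ioc)

    def match_connection(self, dst_ip, dst_port):
        """(ioc, fidelity) or None: exact ip:port is 'high'; IP-only is 'medium',
        or 'low' when the address sits in shared CDN space."""
        hit = self.by_ip_port.get((dst_ip, dst_port))
        if hit:
            return hit, "high"
        hits = self.by_ip.get(dst_ip)
        if not hits:
            return None
        shared = any(ipaddress.ip_address(dst_ip) in net for net in SHARED)
        return max(hits, key=lambda i: i.confidence), ("low" if shared else "medium")


def scan_conn_log(index, lines):
    """Zeek conn.log rows (ts uid orig_h orig_p resp_h resp_p ...) ->
    [(ts, src, dst, family, fidelity)] per hit; '#' header lines are skipped."""
    alerts = []
    for line in lines:
        if line and not line.startswith("#"):
            ts, _, orig_h, _, resp_h, resp_p = line.split("\t")[:6]
            m = index.match_connection(resp_h, int(resp_p))
            if m:
                alerts.append((ts, orig_h, f"{resp_h}:{resp_p}", m[0].family, m[1]))
    return alerts


def to_suricata_rules(index, sid_base=9000000, min_conf=90):
    """One 'alert ip' rule per ip:port IOC at or above min_conf; matching the
    port as well as the address keeps shared IPs from firing on every flow."""
    usable = [i for i in index.iocs if i.kind == "ip:port" and i.confidence >= min_conf]
    return [f'alert ip $HOME_NET any -> {ip} {port} (msg:"ThreatFox {i.family} {i.role} '
            f'({i.confidence}%)"; classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
            for n, i in enumerate(usable) for ip, port in [i.value.rsplit(":", 1)]]


# Rows copied from this page (the last is the malformed URL the feed publishes
# as-is); CONN_LOG is constructed, not a real capture.
ROWS = [
    ("185.221.213.13:23581", "Remcos botnet C2 server (confidence level: 100%)"),
    ("104.21.76.58:1604", "AsyncRAT botnet C2 server (confidence level: 75%)"),
    ("45.196.97.119:53", "XMRIG botnet C2 server (confidence level: 100%)"),
    ("http://189.666.666.666:443/jquery-3.3.2.slim.min.js", "Cobalt Strike botnet C2 (confidence level: 75%)"),
]
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1770400000.1\tC1\t10.0.0.5\t51000\t185.221.213.13\t23581\ttcp",  # exact ip:port
    "1770400001.2\tC2\t10.0.0.6\t51001\t104.21.76.58\t443\ttcp",      # CDN IP, other port
    "1770400002.3\tC3\t10.0.0.7\t51002\t45.196.97.119\t3333\ttcp",    # listed IP, other port
    "1770400003.4\tC4\t10.0.0.8\t51003\t93.184.216.34\t443\ttcp",     # no match
]


def run_demo():
    """Build the index from ROWS and scan CONN_LOG; returns (index, alerts)."""
    index = IocIndex(ROWS)
    return index, scan_conn_log(index, CONN_LOG)
```

run_demo() returns the index and the alert list. In production, replace ROWS with the feed export and CONN_LOG with a conn.log stream, and carry the fidelity grade through to the SIEM so that "high" hits page and "low" hits are queued for hunting rather than blocked outright.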


Technical Details

Threat Level: 2 (MISP threat_level_id 2 = Medium)
Analysis: 1 (MISP analysis level 1 = Ongoing)
Distribution: 3 (MISP distribution 3 = All communities)
UUID: 1e23bcb9-b654-470c-b146-6dcfe3848148
Original Timestamp: 1770422586 (2026-02-07 00:03:06 UTC; the event date itself is 2026-02-06)

Indicators of Compromise

IP address and port (C2 / payload-delivery servers)

Value / Description
185.221.213.13:23581
Remcos botnet C2 server (confidence level: 100%)
91.92.241.145:4045
Quasar RAT botnet C2 server (confidence level: 100%)
91.92.241.145:9792
Quasar RAT botnet C2 server (confidence level: 100%)
107.172.238.23:8907
Remcos botnet C2 server (confidence level: 100%)
45.148.18.41:50987
Remcos botnet C2 server (confidence level: 100%)
103.20.241.112:2230
XWorm botnet C2 server (confidence level: 100%)
46.101.112.70:2448
Mirai botnet C2 server (confidence level: 100%)
181.134.206.134:30210
PureRAT botnet C2 server (confidence level: 100%)
147.185.221.223:44325
XWorm botnet C2 server (confidence level: 100%)
95.214.234.165:2404
Remcos botnet C2 server (confidence level: 100%)
185.208.159.245:2404
Remcos botnet C2 server (confidence level: 100%)
116.202.157.22:9000
SectopRAT botnet C2 server (confidence level: 100%)
41.69.3.213:8080
Quasar RAT botnet C2 server (confidence level: 100%)
186.212.29.145:8081
Havoc botnet C2 server (confidence level: 100%)
199.101.111.141:3790
Meterpreter botnet C2 server (confidence level: 100%)
199.101.111.172:3790
Meterpreter botnet C2 server (confidence level: 100%)
49.228.131.126:2240
XWorm botnet C2 server (confidence level: 100%)
160.30.159.104:56999
Mirai botnet C2 server (confidence level: 100%)
104.223.84.8:14645
Remcos botnet C2 server (confidence level: 100%)
102.117.172.104:7443
Unknown malware botnet C2 server (confidence level: 100%)
185.241.211.3:8888
Quasar RAT botnet C2 server (confidence level: 100%)
31.57.219.103:8080
Havoc botnet C2 server (confidence level: 100%)
46.173.214.173:7777
DCRat botnet C2 server (confidence level: 100%)
102.134.48.37:8888
Cobalt Strike botnet C2 server (confidence level: 100%)
102.189.205.207:8080
Quasar RAT botnet C2 server (confidence level: 100%)
147.93.9.173:443
Havoc botnet C2 server (confidence level: 100%)
185.196.220.9:10134
Orcus RAT botnet C2 server (confidence level: 100%)
199.101.111.160:3790
Meterpreter botnet C2 server (confidence level: 100%)
199.101.111.207:3790
Meterpreter botnet C2 server (confidence level: 100%)
18.142.243.21:19677
Meterpreter botnet C2 server (confidence level: 100%)
199.101.111.221:3790
Meterpreter botnet C2 server (confidence level: 100%)
34.30.77.194:81
Empire Downloader botnet C2 server (confidence level: 100%)
34.70.150.180:80
Empire Downloader botnet C2 server (confidence level: 100%)
104.168.32.88:12358
XWorm botnet C2 server (confidence level: 100%)
69.169.105.23:6099
XWorm botnet C2 server (confidence level: 100%)
130.94.113.130:443
Cobalt Strike botnet C2 server (confidence level: 100%)
141.98.233.62:80
Cobalt Strike botnet C2 server (confidence level: 100%)
38.55.99.179:5555
Cobalt Strike botnet C2 server (confidence level: 100%)
23.27.49.143:2404
Remcos botnet C2 server (confidence level: 100%)
8.141.123.245:80
Cobalt Strike botnet C2 server (confidence level: 100%)
38.60.157.155:80
Cobalt Strike botnet C2 server (confidence level: 100%)
154.22.5.160:443
Vidar botnet C2 server (confidence level: 100%)
8.130.128.39:60000
Unknown malware botnet C2 server (confidence level: 100%)
172.111.213.104:2404
Remcos botnet C2 server (confidence level: 100%)
45.153.127.142:443
Unknown RAT botnet C2 server (confidence level: 100%)
158.94.210.213:8090
DCRat botnet C2 server (confidence level: 100%)
143.92.140.43:443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
103.177.47.233:3790
Meterpreter botnet C2 server (confidence level: 100%)
192.142.18.214:3790
Meterpreter botnet C2 server (confidence level: 100%)
104.234.240.23:443
Rhysida botnet C2 server (confidence level: 75%)
104.234.240.23:80
Rhysida botnet C2 server (confidence level: 75%)
65.153.151.175:8855
DeimosC2 botnet C2 server (confidence level: 75%)
69.169.105.23:6100
XWorm botnet C2 server (confidence level: 100%)
110.44.126.45:50443
Meterpreter botnet C2 server (confidence level: 100%)
38.55.99.145:80
Cobalt Strike botnet C2 server (confidence level: 100%)
23.235.163.34:28403
Cobalt Strike botnet C2 server (confidence level: 100%)
104.21.76.58:1604
AsyncRAT botnet C2 server (confidence level: 75%)
104.21.76.58:4782
AsyncRAT botnet C2 server (confidence level: 75%)
104.21.76.58:8080
AsyncRAT botnet C2 server (confidence level: 75%)
104.21.76.58:8848
AsyncRAT botnet C2 server (confidence level: 75%)
172.67.190.80:1604
AsyncRAT botnet C2 server (confidence level: 75%)
172.67.190.80:4782
AsyncRAT botnet C2 server (confidence level: 75%)
172.67.190.80:8080
AsyncRAT botnet C2 server (confidence level: 75%)
172.67.190.80:8848
AsyncRAT botnet C2 server (confidence level: 75%)
185.208.159.97:5222
NetSupportManager RAT botnet C2 server (confidence level: 100%)
163.61.182.41:1016
XWorm botnet C2 server (confidence level: 100%)
3.94.180.233:2403
Remcos botnet C2 server (confidence level: 100%)
185.243.115.103:80
Unknown RAT botnet C2 server (confidence level: 100%)
77.171.25.29:8808
AsyncRAT botnet C2 server (confidence level: 100%)
199.101.111.82:3790
Meterpreter botnet C2 server (confidence level: 100%)
3.35.137.145:9601
Meterpreter botnet C2 server (confidence level: 100%)
3.10.171.24:25395
Meterpreter botnet C2 server (confidence level: 100%)
3.10.171.24:43895
Meterpreter botnet C2 server (confidence level: 100%)
91.219.238.130:3232
AsyncRAT botnet C2 server (confidence level: 100%)
185.132.53.205:8808
AsyncRAT botnet C2 server (confidence level: 100%)
147.189.173.120:1912
RedLine Stealer botnet C2 server (confidence level: 100%)
8.219.238.0:3344
ValleyRAT botnet C2 server (confidence level: 100%)
158.94.210.71:42687
Bashlite botnet C2 server (confidence level: 100%)
47.92.82.162:443
Cobalt Strike botnet C2 server (confidence level: 75%)
20.171.9.116:1912
neshta botnet C2 server (confidence level: 100%)
128.254.194.95:56001
PureRAT botnet C2 server (confidence level: 100%)
216.239.104.59:1111
Bashlite botnet C2 server (confidence level: 100%)
94.143.231.7:3333
XMRIG botnet C2 server (confidence level: 100%)
44.246.189.12:80
XMRIG botnet C2 server (confidence level: 100%)
45.196.97.119:443
XMRIG botnet C2 server (confidence level: 100%)
45.196.97.119:53
XMRIG botnet C2 server (confidence level: 100%)
45.196.97.119:80
XMRIG botnet C2 server (confidence level: 100%)
45.196.97.119:123
XMRIG botnet C2 server (confidence level: 100%)
5.59.248.53:1995
Mirai botnet C2 server (confidence level: 100%)
172.105.83.27:14829
XWorm botnet C2 server (confidence level: 100%)
154.12.81.103:2222
Cobalt Strike botnet C2 server (confidence level: 100%)
162.243.20.131:12261
AsyncRAT botnet C2 server (confidence level: 100%)
107.174.202.123:7443
Unknown malware botnet C2 server (confidence level: 100%)
172.232.216.95:14829
XWorm botnet C2 server (confidence level: 100%)
191.8.232.11:6653
Quasar RAT botnet C2 server (confidence level: 100%)
207.180.217.49:2405
Remcos botnet C2 server (confidence level: 100%)
103.195.101.62:2404
Remcos botnet C2 server (confidence level: 100%)
85.17.146.235:8081
Remcos botnet C2 server (confidence level: 100%)
185.105.239.14:31337
Sliver botnet C2 server (confidence level: 100%)
185.241.211.47:10001
AsyncRAT botnet C2 server (confidence level: 100%)
95.40.2.30:12327
Meterpreter botnet C2 server (confidence level: 100%)
13.48.13.254:4433
Meterpreter botnet C2 server (confidence level: 100%)
43.216.249.48:18245
Meterpreter botnet C2 server (confidence level: 100%)
109.107.181.245:80
Unknown Stealer payload delivery server (confidence level: 100%)
45.55.159.168:5050
NjRAT botnet C2 server (confidence level: 100%)
80.79.6.185:7705
PureLogs Stealer botnet C2 server (confidence level: 100%)
157.173.96.123:8443
Havoc botnet C2 server (confidence level: 75%)
172.201.216.161:40056
Havoc botnet C2 server (confidence level: 75%)
185.241.211.75:1000
Remcos botnet C2 server (confidence level: 75%)
3.208.233.133:443
DeimosC2 botnet C2 server (confidence level: 75%)
35.71.138.123:443
DeimosC2 botnet C2 server (confidence level: 75%)
38.244.2.176:2914
DeimosC2 botnet C2 server (confidence level: 75%)
103.228.64.189:18926
Ghost RAT botnet C2 server (confidence level: 75%)
223.109.91.135:10001
Xtreme RAT botnet C2 server (confidence level: 100%)
124.198.131.178:4444
Remcos botnet C2 server (confidence level: 100%)
69.167.9.148:443
DCRat botnet C2 server (confidence level: 100%)
176.65.151.201:8080
Cobalt Strike botnet C2 server (confidence level: 100%)
203.159.90.198:443
Sliver botnet C2 server (confidence level: 90%)
38.55.192.204:60000
Unknown malware botnet C2 server (confidence level: 100%)
223.109.90.93:10001
Xtreme RAT botnet C2 server (confidence level: 100%)
110.43.68.218:10001
Xtreme RAT botnet C2 server (confidence level: 100%)

Hash (MD5)

Value / Description
8ef869e7ed4310ddf6e2a91855c12463
Unknown malware payload (confidence level: 100%)
d762a79258667ee965a32b2983a4339e
Unknown malware payload (confidence level: 100%)

URL

Value / Description
https://weibast.com/5m1d.js
KongTuke payload delivery URL (confidence level: 100%)
https://weibast.com/js.php
KongTuke payload delivery URL (confidence level: 100%)
https://madridherb.com/refresh/route-deploy.php
SmartApeSG payload delivery URL (confidence level: 100%)
https://madridherb.com/refresh/token-transpiler.js
SmartApeSG payload delivery URL (confidence level: 100%)
http://77.83.199.202/tempfile
SmartApeSG payload delivery URL (confidence level: 100%)
https://figaphotography.com/tempfile
SmartApeSG payload delivery URL (confidence level: 100%)
https://77.83.199.202/archive
SmartApeSG payload delivery URL (confidence level: 100%)
http://102.134.48.37:8888/5kzc
Cobalt Strike botnet C2 (confidence level: 75%)
https://currentsystems.com/api
Lumma Stealer botnet C2 (confidence level: 100%)
https://mail.binbinartgallery.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://jcptacticalllc.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://mail.casadostoldoslimeira.com.br/
Unknown malware payload delivery URL (confidence level: 90%)
https://mail.evascientific.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://mail.createubebeni.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://konferenceappka.bartvisions.cz/
Unknown malware payload delivery URL (confidence level: 90%)
https://kft.kusherp.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://lns.owl.temporary.site/
Unknown malware payload delivery URL (confidence level: 90%)
https://hablaportafolio.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://iglesia.efata.org/
Unknown malware payload delivery URL (confidence level: 90%)
https://herbertbrewerbooks.com.laneacquisition.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://heritagecraftshub.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://funpasta.webdevlink.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://gereja.neoxdev.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://gamboozarecover.crearhosting.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://goldnews24h.com.yemint.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://fiscaldynamicswest.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://destinationecuador.com.tropiceco.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://epigrams.co.uk/
Unknown malware payload delivery URL (confidence level: 90%)
https://dev.18m.sn/
Unknown malware payload delivery URL (confidence level: 90%)
https://celik.bewapps.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://dev.ghcoop.vn/
Unknown malware payload delivery URL (confidence level: 90%)
https://ddledu.dev.sugaweb.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://bxsandbox2.pragma.by/
Unknown malware payload delivery URL (confidence level: 90%)
https://demo14.netbazaarbd.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://www.canacopachuca.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://cupom.prgss.dev/
Unknown malware payload delivery URL (confidence level: 90%)
https://asgwellness.korrakang.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://bh3.umemarketingagency.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://bravepolice.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://admin.ilygold.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://berna-und-max.lenz-berauscht.de/
Unknown malware payload delivery URL (confidence level: 90%)
https://aeromodelosconcepcion.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://autoconfig.oikiastays.perspectiveunity.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://admin.jnishop.com/
Unknown malware payload delivery URL (confidence level: 90%)
https://accsories.xin/
Unknown malware payload delivery URL (confidence level: 90%)
https://acc.mecha-service.nl/
Unknown malware payload delivery URL (confidence level: 90%)
https://117a78bb33.nxcli.net/
Unknown malware payload delivery URL (confidence level: 90%)
http://110.44.126.45:50443/kxeu
Cobalt Strike botnet C2 (confidence level: 75%)
https://bds3.umemarketingagency.com/
Unknown malware payload delivery URL (confidence level: 90%)
http://47.105.41.59:10080/9zqy
Cobalt Strike botnet C2 (confidence level: 75%)
https://senseapiport.live
Stealc botnet C2 (confidence level: 75%)
https://rpgpals.com/9n4d.js
KongTuke payload delivery URL (confidence level: 100%)
https://rpgpals.com/js.php
KongTuke payload delivery URL (confidence level: 100%)
https://billinvestin.com/signin/callback-bundle.js
SmartApeSG payload delivery URL (confidence level: 100%)
https://billinvestin.com/signin/beta-ajax.php
SmartApeSG payload delivery URL (confidence level: 100%)
https://billinvestin.com/signin/trace-payload.js
SmartApeSG payload delivery URL (confidence level: 100%)
http://85.158.111.14/update
SmartApeSG payload delivery URL (confidence level: 100%)
https://texasvirtualguide.com/update
SmartApeSG payload delivery URL (confidence level: 100%)
https://85.158.111.14/create
SmartApeSG payload delivery URL (confidence level: 100%)
http://196.251.107.109/panel/login.php
Unknown malware botnet C2 (confidence level: 100%)
https://guapospain.com/signin/beta-ajax.php
SmartApeSG payload delivery URL (confidence level: 100%)
https://guapospain.com/signin/trace-payload.js
SmartApeSG payload delivery URL (confidence level: 100%)
http://cn394214.tw1.ru/74baa51a.php
DCRat botnet C2 (confidence level: 100%)
http://189.666.666.666:443/jquery-3.3.2.slim.min.js
Cobalt Strike botnet C2 (confidence level: 75%) (reproduced as published; 189.666.666.666 is not a valid IPv4 address, so this entry cannot be matched against network telemetry as written)
http://www.emezonhe.me:443/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 75%)

Domain

Value / Description
weibast.com
KongTuke payload delivery domain (confidence level: 100%)
belloww.cyou
Lumma Stealer botnet C2 domain (confidence level: 75%)
dinglev.cyou
Lumma Stealer botnet C2 domain (confidence level: 75%)
genusgp.cyou
Lumma Stealer botnet C2 domain (confidence level: 75%)
saudiab.cyou
Lumma Stealer botnet C2 domain (confidence level: 75%)
ulmacea.cyou
Lumma Stealer botnet C2 domain (confidence level: 75%)
madridherb.com
SmartApeSG payload delivery domain (confidence level: 100%)
tyuiyuiuyuiuy.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
celikrt.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
iausyh-50115.portmap.host
Unknown malware botnet C2 domain (confidence level: 100%)
117a78bb33.nxcli.net
Unknown Stealer payload delivery domain (confidence level: 100%)
acc.mecha-service.nl
Unknown Stealer payload delivery domain (confidence level: 100%)
admin.jnishop.com
Unknown Stealer payload delivery domain (confidence level: 100%)
accsories.xin
Unknown Stealer payload delivery domain (confidence level: 100%)
admin.ilygold.com
Unknown Stealer payload delivery domain (confidence level: 100%)
aeromodelosconcepcion.com
Unknown Stealer payload delivery domain (confidence level: 100%)
autoconfig.oikiastays.perspectiveunity.com
Unknown Stealer payload delivery domain (confidence level: 100%)
asgwellness.korrakang.com
Unknown Stealer payload delivery domain (confidence level: 100%)
berna-und-max.lenz-berauscht.de
Unknown Stealer payload delivery domain (confidence level: 100%)
bds3.umemarketingagency.com
Unknown Stealer payload delivery domain (confidence level: 100%)
bhv.lt
Unknown Stealer payload delivery domain (confidence level: 100%)
bravepolice.com
Unknown Stealer payload delivery domain (confidence level: 100%)
bh2.umemarketingagency.com
Unknown Stealer payload delivery domain (confidence level: 100%)
bh3.umemarketingagency.com
Unknown Stealer payload delivery domain (confidence level: 100%)
bxsandbox2.pragma.by
Unknown Stealer payload delivery domain (confidence level: 100%)
canacopachuca.com
Unknown Stealer payload delivery domain (confidence level: 100%)
choeur-enfants-opera-nice.com
Unknown Stealer payload delivery domain (confidence level: 100%)
consulting-kick.de
Unknown Stealer payload delivery domain (confidence level: 100%)
cupom.prgss.dev
Unknown Stealer payload delivery domain (confidence level: 100%)
celik.bewapps.com
Unknown Stealer payload delivery domain (confidence level: 100%)
demo14.netbazaarbd.com
Unknown Stealer payload delivery domain (confidence level: 100%)
ddledu.dev.sugaweb.com
Unknown Stealer payload delivery domain (confidence level: 100%)
destinationecuador.com.tropiceco.com
Unknown Stealer payload delivery domain (confidence level: 100%)
dev.ghcoop.vn
Unknown Stealer payload delivery domain (confidence level: 100%)
dinamicnegocios.com.br
Unknown Stealer payload delivery domain (confidence level: 100%)
dev.18m.sn
Unknown Stealer payload delivery domain (confidence level: 100%)
educlic.ca
Unknown Stealer payload delivery domain (confidence level: 100%)
eatwellhouse.ru
Unknown Stealer payload delivery domain (confidence level: 100%)
epigrams.co.uk
Unknown Stealer payload delivery domain (confidence level: 100%)
fomomforhealth.com
Unknown Stealer payload delivery domain (confidence level: 100%)
fiscaldynamicswest.com
Unknown Stealer payload delivery domain (confidence level: 100%)
gamboozarecover.crearhosting.com
Unknown Stealer payload delivery domain (confidence level: 100%)
goldnews24h.com.yemint.com
Unknown Stealer payload delivery domain (confidence level: 100%)
funpasta.webdevlink.com
Un|known Stealer payload delivery domain (confidence level: 100%)
gereja.neoxdev.com
Unknown Stealer payload delivery domain (confidence level: 100%)
hablaportafolio.com
Unknown Stealer payload delivery domain (confidence level: 100%)
herbertbrewerbooks.com.laneacquisition.com
Unknown Stealer payload delivery domain (confidence level: 100%)
heritagecraftshub.com
Unknown Stealer payload delivery domain (confidence level: 100%)
iglesia.efata.org
Unknown Stealer payload delivery domain (confidence level: 100%)
jcptacticalllc.com
Unknown Stealer payload delivery domain (confidence level: 100%)
konferenceappka.bartvisions.cz
Unknown Stealer payload delivery domain (confidence level: 100%)
kft.kusherp.com
Unknown Stealer payload delivery domain (confidence level: 100%)
lns.owl.temporary.site
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.foxfinancas.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.casadostoldoslimeira.com.br
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.evascientific.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.binbinartgallery.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.createubebeni.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.jcptacticalllc.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.lacasadelsoleets.it
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.bangunrumahmewah.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.oligoflora.com.br
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.kusherp.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.lns.owl.temporary.site
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.loomwaveinternational.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.sunentjp.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.chukysohoadondientu.vn
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.test.lutherankifuru.org
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.pharmac.com.br
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.vayna.in
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.tomorrowsgarden.com.au
Unknown Stealer payload delivery domain (confidence level: 100%)
mail.nutraforyou.com
Unknown Stealer payload delivery domain (confidence level: 100%)
momentagrowth.dk
Unknown Stealer payload delivery domain (confidence level: 100%)
minimalist-blog.net
Unknown Stealer payload delivery domain (confidence level: 100%)
makito.s9.valueserver.jp
Unknown Stealer payload delivery domain (confidence level: 100%)
metodoreplicando.com.br
Unknown Stealer payload delivery domain (confidence level: 100%)
new.ricker.efata.org
Unknown Stealer payload delivery domain (confidence level: 100%)
neacoop.it
Unknown Stealer payload delivery domain (confidence level: 100%)
mayxaychalua.cokhiviendong.com
Unknown Stealer payload delivery domain (confidence level: 100%)
ns1.ivamediagroup.com
Unknown Stealer payload delivery domain (confidence level: 100%)
odeme.tunasuaritma.com
Unknown Stealer payload delivery domain (confidence level: 100%)
papierschliff.de
Unknown Stealer payload delivery domain (confidence level: 100%)
priyanka.kusherp.com
Unknown Stealer payload delivery domain (confidence level: 100%)
perfume-casablanca.com
Unknown Stealer payload delivery domain (confidence level: 100%)
mrdq.kawayanmedia.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainreportesdeficitcero.bitbanglab.cl
Unknown Stealer payload delivery domain (confidence level: 100%)
domainriverdevil.org
Unknown Stealer payload delivery domain (confidence level: 100%)
domainpancadaonoticias.com.br
Unknown Stealer payload delivery domain (confidence level: 100%)
domainshop.atlasfiltre.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainsmartbowls.co.za.rocketrobs.co.za
Unknown Stealer payload delivery domain (confidence level: 100%)
domainstudiomat.baclinc.work
Unknown Stealer payload delivery domain (confidence level: 100%)
domainsiniloan.kawayanmedia.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domaintest.jsctransports.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainpress-shuttle.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainweifang.thddns.net
XWorm botnet C2 domain (confidence level: 100%)
domainb08b173ccecafd720503db8ce130ff62.437f665a05bd452bcc46ed29ad69e77b.traefik.default
Cobalt Strike botnet C2 domain (confidence level: 50%)
domainxexezagandon-30432.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domainmovo.co.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainljliun.za.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainslotterbaik2024.jp.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainlhgzu.sa.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainindiadeal.in.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainjeffcollet.ch
AsyncRAT botnet C2 domain (confidence level: 75%)
domaincloud.aaddigitalstrategies.com
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainopoxujo.za.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainbrechjebritt.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainbreur44.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainkaz.mpekz.org
Unknown RAT botnet C2 domain (confidence level: 100%)
domainwetransferbackups9669.com
Remcos botnet C2 domain (confidence level: 100%)
domainjust.co.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainjetwin.in.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainrmsolutions.ch
AsyncRAT botnet C2 domain (confidence level: 100%)
domainshiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindata.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainddos.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainatex.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbackup.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.shiny-darkness-5096.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindata.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainddos.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainatex.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbackup.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.quiet-disk-62f9.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainrpgpals.com
KongTuke payload delivery domain (confidence level: 100%)
domainbillinvestin.com
SmartApeSG payload delivery domain (confidence level: 100%)
domainnewgnms.top
Unknown RAT botnet C2 domain (confidence level: 100%)
domainguapospain.com
SmartApeSG payload delivery domain (confidence level: 100%)
domainmacsharefolder.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainmacgolddocker.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainmacjadeplas.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainmacvaultatelier.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainmaclinkatelier.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainmacvividlocker.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainmacshadowfolder.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainmacplasmavault.com
Unknown Stealer payload delivery domain (confidence level: 100%)
domainm.clientportaldocs.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainabs.clientportaldocs.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainlotterynow-api-sandbox.luckyd.app
Havoc botnet C2 domain (confidence level: 100%)
domainczl.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domaindi4y.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainitaly.br.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainkarma.us.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainkino.br.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainorthoweb.de.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainbzj.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainhappydays.eu.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainhwxs.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainkmm.eu.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainlve.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainwhorl.uk.com
AsyncRAT botnet C2 domain (confidence level: 75%)
domainfiz.us.com
Quasar RAT botnet C2 domain (confidence level: 75%)
domainfokxtvz.uk.com
Quasar RAT botnet C2 domain (confidence level: 75%)
domainvlsexgai.pro
Quasar RAT botnet C2 domain (confidence level: 75%)
domainluckylab-api.luckyd.app
Havoc botnet C2 domain (confidence level: 100%)

Threat ID: 698683d6f9fa50a62f3de56a

Added to database: 2/7/2026, 12:14:14 AM

Last enriched: 2/7/2026, 12:14:33 AM

Last updated: 2/7/2026, 2:57:18 AM
