ThreatFox IOCs for 2026-02-24
AI Analysis
Technical Summary
The entry titled 'ThreatFox IOCs for 2026-02-24' is a threat intelligence update sourced from the ThreatFox MISP feed, focusing on malware-related indicators of compromise (IOCs). It is classified under OSINT (Open Source Intelligence), network activity, and payload delivery categories, indicating that the data likely includes network-based indicators and potential malware delivery mechanisms. However, the report lacks specific affected software versions, detailed technical descriptions, or exploit mechanisms. No patches or mitigation links are provided, and there are no known exploits in the wild associated with these IOCs. The threat level is moderate (severity medium), with a threat level score of 2 and distribution score of 3, suggesting moderate confidence and distribution of the indicators. The absence of CWE identifiers and technical details implies that this is primarily an intelligence feed update rather than a detailed vulnerability or active exploit report. The data is tagged as TLP:white, indicating it is intended for wide distribution and sharing among the community. This type of intelligence is valuable for organizations to update their detection signatures and network monitoring rules to identify potential malicious activity related to the indicators shared. However, without concrete exploit details or affected product information, the direct impact and mitigation strategies remain generalized.
Potential Impact
The impact of this threat intelligence update is primarily on the detection and monitoring capabilities of organizations rather than direct exploitation or compromise. Since no specific vulnerabilities or exploits are detailed, the immediate risk of system compromise is low. However, failure to incorporate these IOCs into security monitoring tools could result in missed detection of malware activity or payload delivery attempts associated with the indicators. Organizations worldwide that rely on threat intelligence feeds for proactive defense will benefit from enhanced situational awareness. The lack of known exploits in the wild reduces the urgency but does not eliminate the potential for future exploitation if adversaries leverage these indicators. Overall, the impact is medium in terms of improving defensive posture but low in terms of immediate threat to confidentiality, integrity, or availability.
Mitigation Recommendations
Organizations should integrate the provided IOCs into their existing security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection capabilities. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs can help identify potential malicious activity early. Network segmentation and strict egress filtering can limit the impact of payload delivery attempts. Security teams should also conduct threat hunting exercises using these indicators to proactively identify any signs of compromise. Since no patches or specific vulnerability mitigations are available, emphasis should be placed on detection, monitoring, and incident response preparedness. Sharing findings and feedback with the broader security community can improve collective defense. Finally, maintaining updated asset inventories and ensuring robust backup and recovery processes will help mitigate potential impacts of any future exploitation related to these indicators.
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, Japan, South Korea, Israel
Indicators of Compromise
- file: 27.102.137.81
- hash: 4695
- domain: geo-rock-sync-base.swiftcanyon.ru
- domain: swift-flow-node.swiftcanyon.ru
- url: http://154.94.237.240:8888/supershell/login/
- domain: silvernode.digital
- domain: media-publisher.ru
- file: 43.226.125.76
- hash: 443
- file: 186.169.63.236
- hash: 2404
- file: 159.69.10.36
- hash: 80
- domain: clear-field-view.clearfield.in.net
- domain: devel.reputationreviews.org
- domain: open-zone-monitor.clearfield.in.net
- domain: mediacityinc.com
- domain: field-logic-base.clearfield.in.net
- domain: data-clear-sync.clearfield.in.net
- domain: bright-grove-park.brightgrove.ru
- domain: medical.takadanobaba-seitai.com
- domain: medicurineindiapharmaceutical.com
- domain: backupahahahah.followz.st
- domain: medigoods.de
- domain: medsteticrp.com.br
- domain: solar-grove-control.brightgrove.ru
- domain: mega.tada.vn
- file: 45.64.52.146
- hash: 443
- file: 43.226.125.90
- hash: 443
- file: 45.38.42.189
- hash: 7443
- file: 46.246.6.3
- hash: 2003
- file: 212.71.250.244
- hash: 10001
- file: 102.159.97.234
- hash: 443
- domain: megaexporter.com
- domain: megamixindustria.com.br
- domain: light-grove-hub.brightgrove.ru
- domain: megashop.whmdesign.com
- file: 113.45.185.225
- hash: 443
- file: 45.64.52.167
- hash: 443
- file: 45.64.52.148
- hash: 443
- file: 45.64.52.154
- hash: 443
- file: 57.128.255.124
- hash: 443
- file: 3.141.155.79
- hash: 80
- file: 158.94.209.58
- hash: 7777
- file: 40.177.2.200
- hash: 55615
- file: 103.177.47.84
- hash: 3790
- domain: meihachi.hachiojisakura.com
- domain: meimeiescort.com
- domain: area-grove-sync.brightgrove.ru
- domain: melbourne.holidaywebsites.com.au
- domain: fresh-cliff-high.freshcliff.ru
- domain: b113a978.alphasync.digital
- domain: melomeloprint.com
- domain: js0qnoh0.alphasync.digital
- domain: members.avlgi.org
- domain: membros.chicomorbene.com.br
- domain: wind-cliff-monitor.freshcliff.ru
- domain: memelab.com.br
- file: 68.183.45.80
- hash: 8001
- file: 46.101.85.248
- hash: 8001
- file: 45.55.77.196
- hash: 8001
- file: 137.184.111.42
- hash: 8001
- file: 161.35.171.177
- hash: 8001
- domain: mrphadibro.in.net
- domain: italiane.radio.fm
- domain: geo-fresh-node.freshcliff.ru
- file: 154.92.16.219
- hash: 6666
- file: 154.92.16.219
- hash: 8888
- file: 154.92.16.219
- hash: 80
- file: 43.98.243.193
- hash: 9999
- file: 142.93.141.170
- hash: 8001
- file: 159.89.46.211
- hash: 8001
- file: 146.190.227.147
- hash: 8001
- file: 167.172.205.188
- hash: 8001
- file: 167.99.42.180
- hash: 8001
- file: 167.71.73.197
- hash: 8001
- file: 64.227.37.151
- hash: 8001
- file: 198.211.115.123
- hash: 8001
- file: 137.184.215.213
- hash: 8001
- file: 138.197.125.215
- hash: 8001
- domain: summit-cliff-sync.freshcliff.ru
- file: 84.54.33.133
- hash: 443
- file: 2.58.56.134
- hash: 443
- file: 124.198.131.242
- hash: 443
- file: 124.198.132.197
- hash: 443
- file: 206.189.177.137
- hash: 8001
- file: 89.124.77.140
- hash: 443
- domain: clearbreeze.clearatwind.in.net
- domain: windglade.clearatwind.in.net
- domain: mentine-partytown.mentine.net
- domain: hardconnect.net
- file: 144.91.112.107
- hash: 443
- file: 43.139.52.152
- hash: 80
- file: 185.203.116.63
- hash: 7443
- file: 150.136.167.242
- hash: 10001
- file: 185.182.187.10
- hash: 443
- domain: skycurrent.clearatwind.in.net
- file: 3.208.225.35
- hash: 443
- file: 111.23.47.90
- hash: 9205
- file: 94.103.12.167
- hash: 443
- file: 14.140.180.148
- hash: 8443
- file: 103.228.38.76
- hash: 8443
- file: 69.72.7.30
- hash: 443
- file: 52.149.255.38
- hash: 443
- file: 152.228.129.164
- hash: 7000
- file: 198.55.109.156
- hash: 31337
- file: 64.176.41.241
- hash: 31337
- file: 193.109.193.149
- hash: 31337
- file: 101.36.114.248
- hash: 80
- file: 101.36.114.24
- hash: 80
- file: 59.15.175.174
- hash: 6000
- domain: ku3933net.guru
- url: https://dblanka.com/
- url: http://185.182.187.151/api/agent/register
- url: http://185.182.187.151/ws/agent
- file: 185.182.187.151
- hash: 80
- domain: axiscontrol.ltd
- file: 45.85.147.75
- hash: 443
- domain: foxspark.brightforfox.in.net
- domain: meraki2.abdesign.vn
- file: 194.156.79.197
- hash: 55615
- domain: brighttail.brightforfox.in.net
- domain: mercado3f.com.ar
- file: 102.98.100.6
- hash: 443
- file: 54.252.232.13
- hash: 18244
- file: 103.177.47.111
- hash: 3790
- domain: emberpelt.brightforfox.in.net
- url: https://74.0.32.70/
- url: https://138.226.237.176/
- url: https://74.0.48.29/
- url: https://46.225.101.68/
- url: https://74.0.32.8/
- url: https://95.216.251.49/
- url: https://gor.it-bd.com/
- url: https://gor.cardiffphysio.com/
- domain: gor.it-bd.com
- domain: gor.cardiffphysio.com
- file: 74.0.32.70
- hash: 443
- file: 138.226.237.176
- hash: 443
- file: 74.0.48.29
- hash: 443
- file: 46.225.101.68
- hash: 443
- file: 74.0.32.8
- hash: 443
- file: 95.216.251.49
- hash: 443
- domain: froststream.coldinriver.in.net
- domain: mergersandacquisitions.events
- domain: icetorrent.coldinriver.in.net
- domain: oficialrem.duckdns.org
- domain: chillwater.coldinriver.in.net
- domain: swiftbranch.fastleaf.in.net
- domain: mesmekanik.com.tr
- domain: rapidfern.fastleaf.in.net
- domain: mesorfa.info
- domain: quickpetal.fastleaf.in.net
- domain: pq2uim2y.velocore.digital
- domain: epi66tim.velocore.digital
- domain: oklefe.com
- url: https://oklefe.com/server.php
- url: https://oklefe.com/helpu.php
- url: https://oklefe.com/test.php
- url: https://oklefe.com/configpack.zip
- url: https://oklefe.com/data.php
- url: https://oklefe.com/data.zip
- url: https://dltruek.com/data.php
- domain: dltruek.com
- url: https://dltruek.com/data.zip
- url: https://dltruek.com/configpack.zip
- url: https://dltruek.com/test.php
- url: https://dltruek.com/helpu.php
- domain: stonewild.wildandstone.in.net
- url: https://ldture.com/server.php
- domain: ldture.com
- domain: metalma.ind.br
- file: 139.84.213.149
- hash: 443
- domain: rockgrove.wildandstone.in.net
- url: http://154.221.21.196:8443/jquery-3.3.1.min.js
- domain: cliffroot.wildandstone.in.net
- domain: masterstudy.mkdi.mx
- file: 188.23.172.228
- hash: 8000
- domain: 5mf4m58e.lumenbit.digital
- domain: pinegloom.darkbypine.in.net
- domain: vbb24wmu.lumenbit.digital
- domain: shadowcone.darkbypine.in.net
- file: 18.192.31.30
- hash: 13447
- file: 18.153.198.123
- hash: 13447
- file: 3.71.225.231
- hash: 13447
- file: 172.94.100.226
- hash: 29810
- url: http://65.21.200.30/1b8295a7e0284b08.php
- domain: metodocrie.com.br
- file: 46.225.68.122
- hash: 3379
- file: 46.225.85.130
- hash: 8888
- domain: nighttimber.darkbypine.in.net
- domain: silvertrail.silvermypath.in.net
- domain: jy8vxjxs.lumenbit.digital
- domain: r615p0ru.lumenbit.digital
- domain: 2z0nkkls.lumenbit.digital
- domain: fb88vn.uk.com
- domain: tecc.jpn.com
- domain: analyticallsolutions.in.net
- file: 102.117.167.31
- hash: 7443
- file: 40.66.48.150
- hash: 1024
- domain: whb0d8.sa.com
- file: 110.43.39.250
- hash: 10001
- domain: metronix.ph
- domain: metrospec.com
- domain: shsq4l7w.urbanforge.digital
- domain: ovfs585i.urbanforge.digital
- domain: au72nuxzv2.ufs.sh
- domain: analyticshore.icu
- url: https://analyticshore.icu/ext.42d17f53da07.js
- url: https://analyticshore.icu/ext-b.8212ebb6b622.js
- domain: metricvault.icu
- url: https://metricvault.icu/ext.42d17f53da07.js
- url: https://metricvault.icu/ext-b.8212ebb6b622.js
- domain: trackmetrica.icu
- url: https://trackmetrica.icu/ext.42d17f53da07.js
- url: https://trackmetrica.icu/ext-b.8212ebb6b622.js
- domain: visitorflow.icu
- url: https://visitorflow.icu/ext.42d17f53da07.js
- url: https://visitorflow.icu/ext-b.8212ebb6b622.js
- domain: clickstream.icu
- url: https://clickstream.icu/ext.42d17f53da07.js
- url: https://clickstream.icu/ext-b.8212ebb6b622.js
- domain: datapointly.icu
- url: https://datapointly.icu/ext.42d17f53da07.js
- url: https://datapointly.icu/ext-b.8212ebb6b622.js
- domain: pagestatix.icu
- url: https://pagestatix.icu/ext.42d17f53da07.js
- url: https://pagestatix.icu/ext-b.8212ebb6b622.js
- domain: siteinsights.icu
- url: https://siteinsights.icu/ext.42d17f53da07.js
- url: https://siteinsights.icu/ext-b.8212ebb6b622.js
- domain: webpulsedata.icu
- url: https://webpulsedata.icu/ext.42d17f53da07.js
- url: https://webpulsedata.icu/ext-b.8212ebb6b622.js
- domain: webtracelab.icu
- url: https://webtracelab.icu/ext.42d17f53da07.js
- url: https://webtracelab.icu/ext-b.8212ebb6b622.js
- domain: googlanalitlcs.icu
- url: https://googlanalitlcs.icu/ext.42d17f53da07.js
- url: https://googlanalitlcs.icu/ext-b.8212ebb6b622.js
- domain: googlanalitlcs.live
- url: https://googlanalitlcs.live/ext.42d17f53da07.js
- url: https://googlanalitlcs.live/ext-b.8212ebb6b622.js
- domain: googlanalitlcs.pro
- url: https://googlanalitlcs.pro/ext.42d17f53da07.js
- url: https://googlanalitlcs.pro/ext-b.8212ebb6b622.js
- domain: googlanalitlcs.xyz
- url: https://googlanalitlcs.xyz/ext.42d17f53da07.js
- url: https://googlanalitlcs.xyz/ext-b.8212ebb6b622.js
- domain: insightpixel.icu
- url: https://insightpixel.icu/ext.42d17f53da07.js
- url: https://insightpixel.icu/ext-b.8212ebb6b622.js
- domain: metricspixel.live
- url: https://metricspixel.live/ext.42d17f53da07.js
- url: https://metricspixel.live/ext-b.8212ebb6b622.js
- domain: pixelinsights.xyz
- url: https://pixelinsights.xyz/ext.42d17f53da07.js
- url: https://pixelinsights.xyz/ext-b.8212ebb6b622.js
- domain: pixelmetrics.live
- url: https://pixelmetrics.live/ext.42d17f53da07.js
- url: https://pixelmetrics.live/ext-b.8212ebb6b622.js
- domain: datapixel.icu
- url: https://datapixel.icu/ext.42d17f53da07.js
- url: https://datapixel.icu/ext-b.8212ebb6b622.js
- file: 169.40.135.36
- hash: 8888
- file: 58.244.40.171
- hash: 10001
- file: 43.209.118.213
- hash: 47745
- file: 196.75.218.10
- hash: 2222
- domain: daga.guru
- domain: 7ff.com.br
- file: 37.165.32.148
- hash: 4444
- domain: opsecdefcloud.com
- url: https://opsecdefcloud.com/api/css.js
- domain: checkpointviewzen.com
- domain: noobrate.com
- url: https://noobrate.com/api/css.js
- domain: asas42424.dynuddns.net
- url: https://5.61.40.97:45332
- file: 5.61.40.97
- hash: 45332
- domain: mgconsorcio.com
- file: 23.94.206.26
- hash: 5610
- domain: miagcore.com
- url: https://foodgefy.com/6o0jk.js
- domain: foodgefy.com
- url: https://foodgefy.com/js.php
- domain: miauau.com.br
- file: 47.99.159.88
- hash: 6001
- file: 34.104.144.130
- hash: 443
- domain: michaeldeleget.com
- file: 112.124.58.168
- hash: 60000
- file: 41.226.244.98
- hash: 443
- file: 73.249.12.196
- hash: 80
- domain: imagesping.com
- domain: pingimages.com
- domain: jquerymanager.com
- file: 94.156.35.16
- hash: 443
- domain: enixwegemtir.cc
- domain: michaelwander.com
- domain: regularexpressions.re
- domain: surgicalify.pics
- domain: misdecreaseize.pics
- domain: misyouthfuldom.pics
- domain: overmonthlyary.pics
- file: 185.203.119.225
- hash: 443
- domain: underdynamicment.pics
- domain: micoto.org
- file: 146.19.248.8
- hash: 443
- file: 74.118.172.190
- hash: 7736
- file: 207.180.217.49
- hash: 2404
- file: 3.15.204.70
- hash: 8443
- file: 51.75.62.52
- hash: 80
- file: 51.84.223.121
- hash: 48415
- file: 5.142.195.101
- hash: 80
- file: 45.95.201.223
- hash: 80
- file: 185.70.186.193
- hash: 80
- file: 37.49.225.189
- hash: 80
- domain: microbiology.bg.ac.rs
- domain: microscanning.dustwatch.co.za
- domain: midabau.de
- domain: midtownmodern.designfoody.com
- domain: midwestopenwheel.com
- url: https://tfx.it-bd.com/
- url: https://tfx.cardiffphysio.com/
- domain: tfx.it-bd.com
- domain: tfx.cardiffphysio.com
- domain: xword5.duckdns.org
- file: 185.98.168.28
- hash: 32865
- domain: honerable.ydns.eu
- domain: honerable-bk.ydns.eu
- domain: mikasperling.de
- file: 146.190.17.255
- hash: 8888
- file: 198.211.119.52
- hash: 443
- file: 221.204.14.38
- hash: 10250
- file: 42.193.175.121
- hash: 60000
- domain: mikeyandthemagicmedicine.com
- domain: milene.dicasdamilly.com.br
- domain: grouphomesflorida.com
- domain: winestoragecalifornia.com
- domain: virginiasecuritysystem.com
- domain: pageld.club
- domain: thinlpr.buzz
- domain: touchfh.shop
- domain: testdf.club
- domain: kaboim.club
- domain: genetiz.shop
- domain: screwd.club
- domain: darkbq.club
- domain: credil.club
- domain: wipez.top
- domain: integri.top
- domain: mensare.top
- domain: canvasn.top
- domain: convexm.top
- domain: iivouw.club
- domain: 3li6xvqk.rapidmatrix.digital
- domain: iwkzzjit.rapidmatrix.digital
- domain: miloserd.ru
- domain: miloukempers.com
- domain: mimundofinanciero.online
- domain: minalou-cosplay.de
- domain: mindbodyandflow.com
- domain: minegocio-digital.com
- domain: mineralmed.de
- domain: h0kuelyp.modernsignal.digital
- domain: s2s942l0.modernsignal.digital
- domain: minerfin-ukraine.com.ua
- domain: minerva-academy.org
- domain: minhafertilidade.com.br
- domain: miniarture.com.tr
- domain: minidramy.pl
- domain: minikyildizlar.com.tr
- domain: minimatrix.in
- domain: minimaxinvestor.com
- file: 85.239.151.38
- hash: 80
- file: 70.39.202.17
- hash: 443
- domain: vps3000.kozow.com
- domain: feb237777.duckdns.org
- domain: bj88games.cool
- domain: malware.bj88games.cool
- domain: rat.bj88games.cool
- file: 49.13.15.44
- hash: 8443
- file: 114.66.58.11
- hash: 8888
- domain: gekw-55463.portmap.host
- file: 192.159.99.83
- hash: 8080
- file: 82.165.51.16
- hash: 82
- file: 93.152.217.141
- hash: 50000
- file: 3.239.129.76
- hash: 7443
- file: 45.251.240.151
- hash: 7443
- file: 91.92.241.197
- hash: 2406
- domain: v4.210hosting.com
- domain: bkn-extrnets.com
- file: 3.108.67.17
- hash: 8443
- file: 124.198.132.10
- hash: 9999
- file: 23.88.110.42
- hash: 8443
- domain: crazymanthingz.duckdns.org
- domain: graceforrealzeternity.duckdns.org
- file: 102.157.54.207
- hash: 443
- domain: www.gieable.shop
- domain: mintdentalfamily.com
- domain: mip-portal.ru
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 9b0b294e-ab2b-4560-96c5-b66aa18635bf
- Original Timestamp
- 1771977787
Indicators of Compromise
File
| Value | Description |
|---|---|
| 27.102.137.81 | Mirai botnet C2 server (confidence level: 100%) |
| 43.226.125.76 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 186.169.63.236 | Remcos botnet C2 server (confidence level: 100%) |
| 159.69.10.36 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.64.52.146 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 43.226.125.90 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 45.38.42.189 | Unknown malware botnet C2 server (confidence level: 100%) |
| 46.246.6.3 | DCRat botnet C2 server (confidence level: 100%) |
| 212.71.250.244 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 102.159.97.234 | QakBot botnet C2 server (confidence level: 100%) |
| 113.45.185.225 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.64.52.167 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 45.64.52.148 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 45.64.52.154 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 57.128.255.124 | Sliver botnet C2 server (confidence level: 100%) |
| 3.141.155.79 | Unknown malware botnet C2 server (confidence level: 100%) |
| 158.94.209.58 | DCRat botnet C2 server (confidence level: 100%) |
| 40.177.2.200 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.84 | Meterpreter botnet C2 server (confidence level: 100%) |
| 68.183.45.80 | Aisuru botnet C2 server (confidence level: 100%) |
| 46.101.85.248 | Aisuru botnet C2 server (confidence level: 100%) |
| 45.55.77.196 | Aisuru botnet C2 server (confidence level: 100%) |
| 137.184.111.42 | Aisuru botnet C2 server (confidence level: 100%) |
| 161.35.171.177 | Aisuru botnet C2 server (confidence level: 100%) |
| 154.92.16.219 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.92.16.219 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.92.16.219 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 43.98.243.193 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 142.93.141.170 | Aisuru botnet C2 server (confidence level: 100%) |
| 159.89.46.211 | Aisuru botnet C2 server (confidence level: 100%) |
| 146.190.227.147 | Aisuru botnet C2 server (confidence level: 100%) |
| 167.172.205.188 | Aisuru botnet C2 server (confidence level: 100%) |
| 167.99.42.180 | Aisuru botnet C2 server (confidence level: 100%) |
| 167.71.73.197 | Aisuru botnet C2 server (confidence level: 100%) |
| 64.227.37.151 | Aisuru botnet C2 server (confidence level: 100%) |
| 198.211.115.123 | Aisuru botnet C2 server (confidence level: 100%) |
| 137.184.215.213 | Aisuru botnet C2 server (confidence level: 100%) |
| 138.197.125.215 | Aisuru botnet C2 server (confidence level: 100%) |
| 84.54.33.133 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 2.58.56.134 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 124.198.131.242 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 124.198.132.197 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 206.189.177.137 | Aisuru botnet C2 server (confidence level: 100%) |
| 89.124.77.140 | Amatera botnet C2 server (confidence level: 75%) |
| 144.91.112.107 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 43.139.52.152 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 185.203.116.63 | Unknown malware botnet C2 server (confidence level: 100%) |
| 150.136.167.242 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 185.182.187.10 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 3.208.225.35 | Unknown malware botnet C2 server (confidence level: 50%) |
| 111.23.47.90 | Unknown malware botnet C2 server (confidence level: 50%) |
| 94.103.12.167 | Unknown malware botnet C2 server (confidence level: 50%) |
| 14.140.180.148 | Unknown malware botnet C2 server (confidence level: 50%) |
| 103.228.38.76 | Unknown malware botnet C2 server (confidence level: 50%) |
| 69.72.7.30 | Unknown malware botnet C2 server (confidence level: 50%) |
| 52.149.255.38 | Unknown malware botnet C2 server (confidence level: 50%) |
| 152.228.129.164 | Unknown malware botnet C2 server (confidence level: 50%) |
| 198.55.109.156 | Sliver botnet C2 server (confidence level: 50%) |
| 64.176.41.241 | Sliver botnet C2 server (confidence level: 50%) |
| 193.109.193.149 | Sliver botnet C2 server (confidence level: 50%) |
| 101.36.114.248 | Kimsuky botnet C2 server (confidence level: 50%) |
| 101.36.114.24 | Kimsuky botnet C2 server (confidence level: 50%) |
| 59.15.175.174 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 185.182.187.151 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 45.85.147.75 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 194.156.79.197 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 102.98.100.6 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 54.252.232.13 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.177.47.111 | Meterpreter botnet C2 server (confidence level: 100%) |
| 74.0.32.70 | Vidar botnet C2 server (confidence level: 100%) |
| 138.226.237.176 | Vidar botnet C2 server (confidence level: 100%) |
| 74.0.48.29 | Vidar botnet C2 server (confidence level: 100%) |
| 46.225.101.68 | Vidar botnet C2 server (confidence level: 100%) |
| 74.0.32.8 | Vidar botnet C2 server (confidence level: 100%) |
| 95.216.251.49 | Vidar botnet C2 server (confidence level: 100%) |
| 139.84.213.149 | Havoc botnet C2 server (confidence level: 75%) |
| 188.23.172.228 | Eye Pyramid botnet C2 server (confidence level: 75%) |
| 18.192.31.30 | NjRAT botnet C2 server (confidence level: 100%) |
| 18.153.198.123 | NjRAT botnet C2 server (confidence level: 100%) |
| 3.71.225.231 | NjRAT botnet C2 server (confidence level: 100%) |
| 172.94.100.226 | Remcos botnet C2 server (confidence level: 100%) |
| 46.225.68.122 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 46.225.85.130 | Sliver botnet C2 server (confidence level: 75%) |
| 102.117.167.31 | Unknown malware botnet C2 server (confidence level: 100%) |
| 40.66.48.150 | DCRat botnet C2 server (confidence level: 100%) |
| 110.43.39.250 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 169.40.135.36 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 58.244.40.171 | Meterpreter botnet C2 server (confidence level: 100%) |
| 43.209.118.213 | Meterpreter botnet C2 server (confidence level: 100%) |
| 196.75.218.10 | Meterpreter botnet C2 server (confidence level: 100%) |
| 37.165.32.148 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 5.61.40.97 | XMRIG botnet C2 server (confidence level: 50%) |
| 23.94.206.26 | STRRAT botnet C2 server (confidence level: 100%) |
| 47.99.159.88 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 34.104.144.130 | Sliver botnet C2 server (confidence level: 90%) |
| 112.124.58.168 | Unknown malware botnet C2 server (confidence level: 100%) |
| 41.226.244.98 | QakBot botnet C2 server (confidence level: 100%) |
| 73.249.12.196 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 94.156.35.16 | ClearFake payload delivery server (confidence level: 100%) |
| 185.203.119.225 | Unknown malware payload delivery server (confidence level: 100%) |
| 146.19.248.8 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 74.118.172.190 | Remcos botnet C2 server (confidence level: 100%) |
| 207.180.217.49 | Remcos botnet C2 server (confidence level: 100%) |
| 3.15.204.70 | Sliver botnet C2 server (confidence level: 100%) |
| 51.75.62.52 | MimiKatz botnet C2 server (confidence level: 100%) |
| 51.84.223.121 | Meterpreter botnet C2 server (confidence level: 100%) |
| 5.142.195.101 | Unknown malware botnet C2 server (confidence level: 75%) |
| 45.95.201.223 | Unknown malware botnet C2 server (confidence level: 75%) |
| 185.70.186.193 | Unknown malware botnet C2 server (confidence level: 75%) |
| 37.49.225.189 | Unknown malware botnet C2 server (confidence level: 75%) |
| 185.98.168.28 | XWorm botnet C2 server (confidence level: 100%) |
| 146.190.17.255 | Sliver botnet C2 server (confidence level: 75%) |
| 198.211.119.52 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 221.204.14.38 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 42.193.175.121 | Unknown malware botnet C2 server (confidence level: 100%) |
| 85.239.151.38 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 70.39.202.17 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 49.13.15.44 | Sliver botnet C2 server (confidence level: 90%) |
| 114.66.58.11 | Unknown malware botnet C2 server (confidence level: 100%) |
| 192.159.99.83 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 82.165.51.16 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 93.152.217.141 | Remcos botnet C2 server (confidence level: 100%) |
| 3.239.129.76 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.251.240.151 | Unknown malware botnet C2 server (confidence level: 100%) |
| 91.92.241.197 | Remcos botnet C2 server (confidence level: 100%) |
| 3.108.67.17 | Havoc botnet C2 server (confidence level: 100%) |
| 124.198.132.10 | DCRat botnet C2 server (confidence level: 100%) |
| 23.88.110.42 | PoshC2 botnet C2 server (confidence level: 100%) |
| 102.157.54.207 | QakBot botnet C2 server (confidence level: 100%) |
Hash
The values in this table are port numbers, not hashes; the host part of each indicator is not present on the page, so these rows cannot be matched or blocked as given.
| Value | Description |
|---|---|
| 4695 | Mirai botnet C2 server (confidence level: 100%) |
| 443 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 443 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 2003 | DCRat botnet C2 server (confidence level: 100%) |
| 10001 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 443 | QakBot botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 443 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 443 | Ghost RAT botnet C2 server (confidence level: 100%) |
| 443 | Sliver botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7777 | DCRat botnet C2 server (confidence level: 100%) |
| 55615 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 8888 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 80 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 9999 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 443 | Amatera botnet C2 server (confidence level: 75%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 10001 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 443 | Unknown malware botnet C2 server (confidence level: 50%) |
| 9205 | Unknown malware botnet C2 server (confidence level: 50%) |
| 443 | Unknown malware botnet C2 server (confidence level: 50%) |
| 8443 | Unknown malware botnet C2 server (confidence level: 50%) |
| 8443 | Unknown malware botnet C2 server (confidence level: 50%) |
| 443 | Unknown malware botnet C2 server (confidence level: 50%) |
| 443 | Unknown malware botnet C2 server (confidence level: 50%) |
| 7000 | Unknown malware botnet C2 server (confidence level: 50%) |
| 31337 | Sliver botnet C2 server (confidence level: 50%) |
| 31337 | Sliver botnet C2 server (confidence level: 50%) |
| 31337 | Sliver botnet C2 server (confidence level: 50%) |
| 80 | Kimsuky botnet C2 server (confidence level: 50%) |
| 80 | Kimsuky botnet C2 server (confidence level: 50%) |
| 6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
| 80 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 55615 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 18244 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 75%) |
| 8000 | Eye Pyramid botnet C2 server (confidence level: 75%) |
| 13447 | NjRAT botnet C2 server (confidence level: 100%) |
| 13447 | NjRAT botnet C2 server (confidence level: 100%) |
| 13447 | NjRAT botnet C2 server (confidence level: 100%) |
| 29810 | Remcos botnet C2 server (confidence level: 100%) |
| 3379 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 8888 | Sliver botnet C2 server (confidence level: 75%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 1024 | DCRat botnet C2 server (confidence level: 100%) |
| 10001 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 8888 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 10001 | Meterpreter botnet C2 server (confidence level: 100%) |
| 47745 | Meterpreter botnet C2 server (confidence level: 100%) |
| 2222 | Meterpreter botnet C2 server (confidence level: 100%) |
| 4444 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 45332 | XMRIG botnet C2 server (confidence level: 50%) |
| 5610 | STRRAT botnet C2 server (confidence level: 100%) |
| 6001 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Sliver botnet C2 server (confidence level: 90%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | QakBot botnet C2 server (confidence level: 100%) |
| 80 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 443 | ClearFake payload delivery server (confidence level: 100%) |
| 443 | Unknown malware payload delivery server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 7736 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 8443 | Sliver botnet C2 server (confidence level: 100%) |
| 80 | MimiKatz botnet C2 server (confidence level: 100%) |
| 48415 | Meterpreter botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 75%) |
| 80 | Unknown malware botnet C2 server (confidence level: 75%) |
| 80 | Unknown malware botnet C2 server (confidence level: 75%) |
| 80 | Unknown malware botnet C2 server (confidence level: 75%) |
| 32865 | XWorm botnet C2 server (confidence level: 100%) |
| 8888 | Sliver botnet C2 server (confidence level: 75%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 10250 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 60000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8443 | Sliver botnet C2 server (confidence level: 90%) |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8080 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 82 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 50000 | Remcos botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 2406 | Remcos botnet C2 server (confidence level: 100%) |
| 8443 | Havoc botnet C2 server (confidence level: 100%) |
| 9999 | DCRat botnet C2 server (confidence level: 100%) |
| 8443 | PoshC2 botnet C2 server (confidence level: 100%) |
| 443 | QakBot botnet C2 server (confidence level: 100%) |
Domain
| Value | Description |
|---|---|
| geo-rock-sync-base.swiftcanyon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| swift-flow-node.swiftcanyon.ru | ClearFake payload delivery domain (confidence level: 100%) |
| silvernode.digital | ClearFake payload delivery domain (confidence level: 100%) |
| media-publisher.ru | StrelaStealer payload delivery domain (confidence level: 100%) |
| clear-field-view.clearfield.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| devel.reputationreviews.org | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
| open-zone-monitor.clearfield.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| mediacityinc.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| field-logic-base.clearfield.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| data-clear-sync.clearfield.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| bright-grove-park.brightgrove.ru | ClearFake payload delivery domain (confidence level: 100%) |
| medical.takadanobaba-seitai.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| medicurineindiapharmaceutical.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| backupahahahah.followz.st | Mirai botnet C2 domain (confidence level: 100%) |
| medigoods.de | StrelaStealer payload delivery domain (confidence level: 100%) |
| medsteticrp.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| solar-grove-control.brightgrove.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mega.tada.vn | StrelaStealer payload delivery domain (confidence level: 100%) |
| megaexporter.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| megamixindustria.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| light-grove-hub.brightgrove.ru | ClearFake payload delivery domain (confidence level: 100%) |
| megashop.whmdesign.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| meihachi.hachiojisakura.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| meimeiescort.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| area-grove-sync.brightgrove.ru | ClearFake payload delivery domain (confidence level: 100%) |
| melbourne.holidaywebsites.com.au | StrelaStealer payload delivery domain (confidence level: 100%) |
| fresh-cliff-high.freshcliff.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b113a978.alphasync.digital | ClearFake payload delivery domain (confidence level: 100%) |
| melomeloprint.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| js0qnoh0.alphasync.digital | ClearFake payload delivery domain (confidence level: 100%) |
| members.avlgi.org | StrelaStealer payload delivery domain (confidence level: 100%) |
| membros.chicomorbene.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| wind-cliff-monitor.freshcliff.ru | ClearFake payload delivery domain (confidence level: 100%) |
| memelab.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| mrphadibro.in.net | AsyncRAT botnet C2 domain (confidence level: 100%) |
| italiane.radio.fm | AsyncRAT botnet C2 domain (confidence level: 100%) |
| geo-fresh-node.freshcliff.ru | ClearFake payload delivery domain (confidence level: 100%) |
| summit-cliff-sync.freshcliff.ru | ClearFake payload delivery domain (confidence level: 100%) |
| clearbreeze.clearatwind.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| windglade.clearatwind.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| mentine-partytown.mentine.net | StrelaStealer payload delivery domain (confidence level: 100%) |
| hardconnect.net | Unknown RAT botnet C2 domain (confidence level: 100%) |
| skycurrent.clearatwind.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| ku3933net.guru | DCRat botnet C2 domain (confidence level: 50%) |
| axiscontrol.ltd | Unknown RAT botnet C2 domain (confidence level: 100%) |
| foxspark.brightforfox.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| meraki2.abdesign.vn | StrelaStealer payload delivery domain (confidence level: 100%) |
| brighttail.brightforfox.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| mercado3f.com.ar | StrelaStealer payload delivery domain (confidence level: 100%) |
| emberpelt.brightforfox.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| gor.it-bd.com | Vidar botnet C2 domain (confidence level: 100%) |
| gor.cardiffphysio.com | Vidar botnet C2 domain (confidence level: 100%) |
| froststream.coldinriver.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| mergersandacquisitions.events | StrelaStealer payload delivery domain (confidence level: 100%) |
| icetorrent.coldinriver.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| oficialrem.duckdns.org | Remcos botnet C2 domain (confidence level: 75%) |
| chillwater.coldinriver.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| swiftbranch.fastleaf.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| mesmekanik.com.tr | StrelaStealer payload delivery domain (confidence level: 100%) |
| rapidfern.fastleaf.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| mesorfa.info | StrelaStealer payload delivery domain (confidence level: 100%) |
| quickpetal.fastleaf.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| pq2uim2y.velocore.digital | ClearFake payload delivery domain (confidence level: 100%) |
| epi66tim.velocore.digital | ClearFake payload delivery domain (confidence level: 100%) |
| oklefe.com | Unknown malware payload delivery domain (confidence level: 100%) |
| dltruek.com | Unknown malware payload delivery domain (confidence level: 100%) |
| stonewild.wildandstone.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| ldture.com | Unknown malware payload delivery domain (confidence level: 100%) |
| metalma.ind.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| rockgrove.wildandstone.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| cliffroot.wildandstone.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| masterstudy.mkdi.mx | StrelaStealer payload delivery domain (confidence level: 100%) |
| 5mf4m58e.lumenbit.digital | ClearFake payload delivery domain (confidence level: 100%) |
| pinegloom.darkbypine.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| vbb24wmu.lumenbit.digital | ClearFake payload delivery domain (confidence level: 100%) |
| shadowcone.darkbypine.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| metodocrie.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| nighttimber.darkbypine.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| silvertrail.silvermypath.in.net | ClearFake payload delivery domain (confidence level: 100%) |
| jy8vxjxs.lumenbit.digital | ClearFake payload delivery domain (confidence level: 100%) |
| r615p0ru.lumenbit.digital | ClearFake payload delivery domain (confidence level: 100%) |
| 2z0nkkls.lumenbit.digital | ClearFake payload delivery domain (confidence level: 100%) |
| fb88vn.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| tecc.jpn.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| analyticallsolutions.in.net | AsyncRAT botnet C2 domain (confidence level: 100%) |
| whb0d8.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) |
| metronix.ph | StrelaStealer payload delivery domain (confidence level: 100%) |
| metrospec.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| shsq4l7w.urbanforge.digital | ClearFake payload delivery domain (confidence level: 100%) |
| ovfs585i.urbanforge.digital | ClearFake payload delivery domain (confidence level: 100%) |
| au72nuxzv2.ufs.sh | Remcos payload delivery domain (confidence level: 50%) |
| analyticshore.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| metricvault.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| trackmetrica.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| visitorflow.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| clickstream.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| datapointly.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| pagestatix.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| siteinsights.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| webpulsedata.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| webtracelab.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| googlanalitlcs.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| googlanalitlcs.live | Unknown malware payload delivery domain (confidence level: 100%) |
| googlanalitlcs.pro | Unknown malware payload delivery domain (confidence level: 100%) |
| googlanalitlcs.xyz | Unknown malware payload delivery domain (confidence level: 100%) |
| insightpixel.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| metricspixel.live | Unknown malware payload delivery domain (confidence level: 100%) |
| pixelinsights.xyz | Unknown malware payload delivery domain (confidence level: 100%) |
| pixelmetrics.live | Unknown malware payload delivery domain (confidence level: 100%) |
| datapixel.icu | Unknown malware payload delivery domain (confidence level: 100%) |
| daga.guru | AsyncRAT botnet C2 domain (confidence level: 100%) |
| 7ff.com.br | AsyncRAT botnet C2 domain (confidence level: 100%) |
| opsecdefcloud.com | Unknown malware payload delivery domain (confidence level: 100%) |
| checkpointviewzen.com | Unknown malware payload delivery domain (confidence level: 100%) |
| noobrate.com | Unknown malware payload delivery domain (confidence level: 100%) |
| asas42424.dynuddns.net | AsyncRAT botnet C2 domain (confidence level: 75%) |
| mgconsorcio.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| miagcore.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| foodgefy.com | KongTuke payload delivery domain (confidence level: 100%) |
| miauau.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| michaeldeleget.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| imagesping.com | ClearFake payload delivery domain (confidence level: 100%) |
| pingimages.com | ClearFake payload delivery domain (confidence level: 100%) |
| jquerymanager.com | ClearFake payload delivery domain (confidence level: 100%) |
| enixwegemtir.cc | ClearFake payload delivery domain (confidence level: 100%) |
| michaelwander.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| regularexpressions.re | Unknown malware payload delivery domain (confidence level: 100%) |
| surgicalify.pics | Unknown malware payload delivery domain (confidence level: 100%) |
| misdecreaseize.pics | Unknown malware payload delivery domain (confidence level: 100%) |
| misyouthfuldom.pics | Unknown malware payload delivery domain (confidence level: 100%) |
| overmonthlyary.pics | Unknown malware payload delivery domain (confidence level: 100%) |
| underdynamicment.pics | Unknown malware payload delivery domain (confidence level: 100%) |
| micoto.org | StrelaStealer payload delivery domain (confidence level: 100%) |
| microbiology.bg.ac.rs | StrelaStealer payload delivery domain (confidence level: 100%) |
| microscanning.dustwatch.co.za | StrelaStealer payload delivery domain (confidence level: 100%) |
| midabau.de | StrelaStealer payload delivery domain (confidence level: 100%) |
| midtownmodern.designfoody.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| midwestopenwheel.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| tfx.it-bd.com | Vidar botnet C2 domain (confidence level: 100%) |
| tfx.cardiffphysio.com | Vidar botnet C2 domain (confidence level: 100%) |
| xword5.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) |
| honerable.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| honerable-bk.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| mikasperling.de | StrelaStealer payload delivery domain (confidence level: 100%) |
| mikeyandthemagicmedicine.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| milene.dicasdamilly.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| grouphomesflorida.com | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| winestoragecalifornia.com | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| virginiasecuritysystem.com | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| pageld.club | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| thinlpr.buzz | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| touchfh.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| testdf.club | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| kaboim.club | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| genetiz.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| screwd.club | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| darkbq.club | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| credil.club | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| wipez.top | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| integri.top | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| mensare.top | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| canvasn.top | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| convexm.top | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| iivouw.club | Lumma Stealer botnet C2 domain (confidence level: 100%) |
| 3li6xvqk.rapidmatrix.digital | ClearFake payload delivery domain (confidence level: 100%) |
| iwkzzjit.rapidmatrix.digital | ClearFake payload delivery domain (confidence level: 100%) |
| miloserd.ru | StrelaStealer payload delivery domain (confidence level: 100%) |
| miloukempers.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| mimundofinanciero.online | StrelaStealer payload delivery domain (confidence level: 100%) |
| minalou-cosplay.de | StrelaStealer payload delivery domain (confidence level: 100%) |
| mindbodyandflow.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| minegocio-digital.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| mineralmed.de | StrelaStealer payload delivery domain (confidence level: 100%) |
| h0kuelyp.modernsignal.digital | ClearFake payload delivery domain (confidence level: 100%) |
| s2s942l0.modernsignal.digital | ClearFake payload delivery domain (confidence level: 100%) |
| minerfin-ukraine.com.ua | StrelaStealer payload delivery domain (confidence level: 100%) |
| minerva-academy.org | StrelaStealer payload delivery domain (confidence level: 100%) |
| minhafertilidade.com.br | StrelaStealer payload delivery domain (confidence level: 100%) |
| miniarture.com.tr | StrelaStealer payload delivery domain (confidence level: 100%) |
| minidramy.pl | StrelaStealer payload delivery domain (confidence level: 100%) |
| minikyildizlar.com.tr | StrelaStealer payload delivery domain (confidence level: 100%) |
| minimatrix.in | StrelaStealer payload delivery domain (confidence level: 100%) |
| minimaxinvestor.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| vps3000.kozow.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| feb237777.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
| bj88games.cool | AsyncRAT botnet C2 domain (confidence level: 100%) |
| malware.bj88games.cool | AsyncRAT botnet C2 domain (confidence level: 100%) |
| rat.bj88games.cool | AsyncRAT botnet C2 domain (confidence level: 100%) |
| gekw-55463.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%) |
| v4.210hosting.com | Havoc botnet C2 domain (confidence level: 100%) |
| bkn-extrnets.com | Havoc botnet C2 domain (confidence level: 100%) |
| crazymanthingz.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) |
| graceforrealzeternity.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) |
| www.gieable.shop | Unknown malware payload delivery domain (confidence level: 100%) |
| mintdentalfamily.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| mip-portal.ru | StrelaStealer payload delivery domain (confidence level: 100%) |
URL
| Value | Description |
|---|---|
| http://154.94.237.240:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
| https://dblanka.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://185.182.187.151/api/agent/register | Unknown RAT botnet C2 (confidence level: 100%) |
| http://185.182.187.151/ws/agent | Unknown RAT botnet C2 (confidence level: 100%) |
| https://74.0.32.70/ | Vidar botnet C2 (confidence level: 100%) |
| https://138.226.237.176/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.48.29/ | Vidar botnet C2 (confidence level: 100%) |
| https://46.225.101.68/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.32.8/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.216.251.49/ | Vidar botnet C2 (confidence level: 100%) |
| https://gor.it-bd.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://gor.cardiffphysio.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://oklefe.com/server.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://oklefe.com/helpu.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://oklefe.com/test.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://oklefe.com/configpack.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| https://oklefe.com/data.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://oklefe.com/data.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| https://dltruek.com/data.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://dltruek.com/data.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| https://dltruek.com/configpack.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| https://dltruek.com/test.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://dltruek.com/helpu.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ldture.com/server.php | Unknown malware payload delivery URL (confidence level: 100%) |
| http://154.221.21.196:8443/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 75%) |
| http://65.21.200.30/1b8295a7e0284b08.php | Stealc botnet C2 (confidence level: 100%) |
| https://analyticshore.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://analyticshore.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://metricvault.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://metricvault.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://trackmetrica.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://trackmetrica.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://visitorflow.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://visitorflow.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://clickstream.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://clickstream.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://datapointly.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://datapointly.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://pagestatix.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://pagestatix.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://siteinsights.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://siteinsights.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://webpulsedata.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://webpulsedata.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://webtracelab.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://webtracelab.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.live/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.live/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.pro/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.pro/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.xyz/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://googlanalitlcs.xyz/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://insightpixel.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://insightpixel.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://metricspixel.live/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://metricspixel.live/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://pixelinsights.xyz/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://pixelinsights.xyz/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://pixelmetrics.live/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://pixelmetrics.live/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://datapixel.icu/ext.42d17f53da07.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://datapixel.icu/ext-b.8212ebb6b622.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://opsecdefcloud.com/api/css.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://noobrate.com/api/css.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://5.61.40.97:45332 | XMRIG botnet C2 (confidence level: 50%) |
| https://foodgefy.com/6o0jk.js | KongTuke payload delivery URL (confidence level: 100%) |
| https://foodgefy.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
| https://tfx.it-bd.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://tfx.cardiffphysio.com/ | Vidar botnet C2 (confidence level: 100%) |
Threat ID: 699e3dfab7ef31ef0b77ae66
Added to database: 2/25/2026, 12:10:34 AM
Last enriched: 2/25/2026, 12:11:16 AM
Last updated: 2/25/2026, 5:41:33 AM