
ThreatFox IOCs for 2026-02-28

0
Medium
Published: Sat Feb 28 2026 (02/28/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-02-28

AI-Powered Analysis

Last updated: 03/01/2026, 00:10:25 UTC

Technical Analysis

The provided information pertains to a malware-related threat intelligence report published on February 28, 2026, sourced from the ThreatFox MISP feed, which is a platform for sharing threat indicators and intelligence. The report is classified under OSINT (Open Source Intelligence), network activity, and payload delivery categories, suggesting the threat involves malware distribution or communication patterns detectable via network monitoring. However, the report lacks specific technical details such as malware family names, attack vectors, affected software versions, or concrete Indicators of Compromise (IOCs). No patches or fixes are available, and there are no known exploits actively used in the wild, indicating this may be a preliminary or low-activity threat report. The threat level is marked as medium, reflecting moderate concern but limited actionable information. The absence of CWE identifiers and detailed analysis limits the ability to understand the exact nature of the malware or its delivery mechanisms. The UUID and timestamps indicate internal tracking but do not provide further insight. Overall, this appears to be an OSINT-based alert intended to inform security teams of potential malware-related network activity without immediate evidence of exploitation or impact.

Potential Impact

Given the lack of detailed technical information and absence of known exploits in the wild, the immediate impact of this threat on organizations is likely limited. However, the categorization under payload delivery and network activity suggests potential risks of malware infection through network vectors if the threat evolves or is exploited in the future. Organizations worldwide could face risks such as unauthorized access, data exfiltration, or service disruption if this malware becomes active and widespread. The medium severity rating implies moderate potential for confidentiality, integrity, or availability impact, but the current lack of exploitation reduces urgency. Without specific IOCs or affected products, targeted defense is challenging, increasing the risk of undetected infections if organizations do not maintain robust network monitoring and threat intelligence capabilities. The impact is therefore more preventive and preparatory rather than reactive at this stage.

Mitigation Recommendations

1. Integrate ThreatFox MISP feed and other OSINT sources into existing Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS) to enhance detection of emerging malware-related network activity.
2. Conduct regular network traffic analysis focusing on unusual payload delivery patterns or anomalies that could indicate malware communication or infection attempts.
3. Maintain up-to-date endpoint protection and network segmentation to limit potential malware spread even in the absence of specific patches.
4. Implement strict access controls and monitor for unusual authentication or lateral movement behaviors that could signal compromise.
5. Train security teams to recognize and respond to generic malware indicators and to escalate suspicious findings for deeper forensic analysis.
6. Establish incident response playbooks that include procedures for handling unknown or emerging malware threats with limited initial information.
7. Collaborate with threat intelligence communities to share findings and receive updates on any evolution of this threat.

These steps go beyond generic advice by emphasizing proactive intelligence integration, network behavior analysis, and preparedness for low-information threat scenarios.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: d7c053f8-d1ae-4119-89fe-41e1afa48390
Original Timestamp: 1772323387

Indicators of Compromise

domainmalware.megology.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.megology.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.megology.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.megology.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.megology.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainatex.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbackup.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindata.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainddos.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.fshcgroup.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbet88cf.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbet88nr.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbet88tm.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domaintinhthongaz.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88ce.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88ec.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88ga.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88so.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88va.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88ve.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88we.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88zi.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.bet88zu.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainwww.tinhthongaz.co
AsyncRAT botnet C2 domain (confidence level: 100%)
domainatex.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbackup.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindata.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainddos.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.cclp.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainatex.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbackup.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindata.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainddos.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.diamundialradio.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainatex.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbackup.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindata.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainddos.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.wb270.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainatex.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbackup.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindata.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainddos.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainphishing.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainquantri.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv2.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domainv3.silent-frog-4440.hrmcxaeel.workers.dev
AsyncRAT botnet C2 domain (confidence level: 100%)
domaingreatman1290man2349.click
Remcos botnet C2 domain (confidence level: 100%)
domaingreatmen.zip
Remcos botnet C2 domain (confidence level: 100%)
domainmichaelostergaard.garage.dk
StrelaStealer payload delivery domain (confidence level: 100%)
domain6pzdx6w7.vivaldisprite.digital
ClearFake payload delivery domain (confidence level: 100%)
domaino90zx8u6.vivaldisprite.digital
ClearFake payload delivery domain (confidence level: 100%)

Threat ID: 69a383e532ffcdb8a279ce9a

Added to database: 3/1/2026, 12:10:13 AM

Last enriched: 3/1/2026, 12:10:25 AM

Last updated: 3/1/2026, 6:34:24 AM
