ThreatFox IOCs for 2026-03-02
AI Analysis
Technical Summary
This entry from the ThreatFox MISP feed dated March 2, 2026, presents a collection of Indicators of Compromise (IOCs) related to malware activity, specifically focusing on OSINT, network activity, and payload delivery. The data does not specify affected software versions or products, indicating it is a general intelligence update rather than a vulnerability tied to a particular system. The absence of known exploits in the wild and lack of patch availability suggest that this is either a newly observed threat or an intelligence gathering effort without active exploitation. The threat level is rated as medium, reflecting moderate concern primarily due to the potential for payload delivery mechanisms that could be leveraged in future attacks. The technical details provided are minimal, with threat level and distribution scores indicating moderate dissemination but limited analysis depth. No concrete indicators such as hashes, IP addresses, or domains are included, which limits actionable defensive measures. The classification under OSINT and network activity implies that the threat intelligence is intended to inform defenders about emerging or ongoing malware campaigns rather than describing a specific zero-day or critical vulnerability. Overall, this threat intelligence update serves as a situational awareness tool for cybersecurity teams to monitor and prepare for potential malware-related network threats.
Potential Impact
The potential impact of this threat is currently limited due to the lack of specific exploit details or active campaigns. However, the involvement of payload delivery and network activity categories suggests that if leveraged, this threat could facilitate malware infections, data exfiltration, or network disruptions. Organizations worldwide could face risks of intrusion attempts or malware deployment if threat actors utilize these IOCs effectively. The absence of patches or mitigations means that defensive measures rely heavily on detection and response capabilities. Without concrete indicators, the ability to preemptively block or contain the threat is reduced, potentially increasing exposure. The medium severity rating indicates a moderate risk level, where successful exploitation could impact confidentiality and integrity but is unlikely to cause widespread availability issues or critical system failures at this stage. The threat intelligence is valuable for enhancing situational awareness and refining network monitoring but does not currently represent an immediate, high-impact threat.
Mitigation Recommendations
Given the nature of this threat intelligence update, organizations should focus on enhancing their detection and monitoring capabilities rather than applying specific patches. Practical recommendations include:
- Integrate ThreatFox and other OSINT feeds into Security Information and Event Management (SIEM) systems to automate IOC ingestion and alerting.
- Conduct network traffic analysis to identify unusual payload delivery patterns or suspicious network activity consistent with the threat categories.
- Employ endpoint detection and response (EDR) tools to monitor for anomalous behavior indicative of malware execution.
- Maintain up-to-date threat hunting procedures to proactively search for signs of compromise related to emerging malware campaigns.
- Educate security teams on interpreting OSINT data and correlating it with internal telemetry for timely incident response.
- Collaborate with information sharing communities to receive updated indicators and contextual intelligence.
- Implement strict network segmentation and access controls to limit potential lateral movement if a payload delivery attempt succeeds.
These measures go beyond generic advice by emphasizing integration of OSINT feeds, proactive threat hunting, and operational readiness to detect and respond to evolving malware threats.
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Japan, South Korea, Netherlands, Sweden
Indicators of Compromise
- domain: 78smp.com
- ip:port: 137.184.215.213:8443
- domain: satanc2.top
- url: https://74.0.48.25/
- ip:port: 156.239.225.187:44550
- domain: mount-atlas.de
- domain: movetorecover.be
- domain: mradsafety.com
- domain: mrbdl.com
- domain: mrpc.pramnos.net
- domain: ms-landtechnik.com
- domain: msi.marketstockindo.com
- domain: msicpl.com
- domain: vid-crypto-assess.com
- domain: assessiohq.com
- domain: blockassess.com
- domain: blockchainjobassessment.com
- domain: blockchainjobhub.com
- domain: candidateinsightinfo.com
- domain: coinbase-walet.biz
- domain: coinbase-walet.me
- domain: competency-core.com
- domain: devchallengehq.com
- domain: evalassesso.com
- domain: evalswift.com
- domain: quickskill-review.com
- domain: jobinterview360.com
- domain: livehirehub.com
- domain: talenthiring360.com
- domain: quickassessio.com
- domain: quickhire360.com
- domain: quickinterview360.com
- domain: eskillprof.com
- domain: evalvidz.com
- domain: intervwolf.com
- domain: vidcruiterinterview.com
- domain: vidcruitermaster.com
- domain: vidintermaster.com
- domain: skillhiretrack.com
- domain: skillprooflab.com
- domain: talentcheck.pro
- domain: talentsnaptest.com
- domain: talentview360.com
- domain: test-wolf.com
- domain: toptalentassess.com
- domain: ugethired360.com
- domain: vidassess360.com
- domain: vidassesspro.com
- domain: videorecruitpro.com
- domain: vidhirehub.com
- domain: zenspiretech.com
- domain: smartdriverfix.cloud
- domain: webcamdrivers.cloud
- domain: webcamwizard.cloud
- domain: camdriversupport.com
- domain: camera-drive.org
- domain: camtechdrivers.com
- domain: drivercams.cloud
- domain: drive-release.cloud
- domain: web-cam.cloud
- domain: bksrvcs.sbs
- domain: confirmation-reserv.com
- domain: heuenis.direct.quickconnect.to
- ip:port: 31.57.216.44:2404
- domain: er0dbme.uk.com
- domain: vgsshop.vn
- domain: intercontinentalphuquoc.vn
- domain: juggle.it.com
- domain: mugsandpuddles.com
- domain: muhancorp.gabia.io
- ip:port: 47.239.240.171:6666
- domain: multicanaltvcali.com
- domain: ciatranoler.za.com
- domain: fb88i.dev
- domain: rpv.uk.com
- domain: wifi.eu.com
- domain: logspot.aktuel.cloud
- domain: lomboking.com
- ip:port: 180.76.111.89:80
- ip:port: 1.94.186.19:8888
- ip:port: 150.241.73.11:443
- ip:port: 59.110.166.104:4444
- domain: 7lj1il64.grosstable.digital
- domain: 20t2lqnx.grosstable.digital
- domain: bagcare.space
- domain: gunbear.xyz
- domain: birthdaymagic.xyz
- domain: passengerbrake.space
- ip:port: 192.52.242.73:4443
- domain: townquiver.xyz
- ip:port: 185.121.235.118:443
- ip:port: 77.238.228.60:443
- domain: anonymous5334.duckdns.org
- domain: 73bet.app
- domain: km-ok365.site
- ip:port: 104.21.63.144:4782
- ip:port: 104.21.63.144:6060
- ip:port: 104.21.63.144:8080
- ip:port: 172.67.146.169:4782
- ip:port: 172.67.146.169:6060
- ip:port: 172.67.146.169:8080
- domain: imsorrydidhejustsayhislastnameisburgur.vietnamddns.com
- domain: free-represents.gl.at.ply.gg
- url: https://pastebin.com/raw/rq7ymk0w
- ip:port: 176.65.132.10:6000
- domain: bootstrap.jqu3ry.cfd
- ip:port: 45.94.31.59:443
- domain: 406nf3za.immunizeoot.digital
- domain: wpc99gxs.immunizeoot.digital
- ip:port: 89.106.65.100:8001
- domain: sps.cricket-matters.com
- url: https://telegram.me/m0r5hl
- domain: ofegofo.biz
- domain: niggerniggerniggerniggerniggernigger.icu
- ip:port: 91.92.241.10:8880
- ip:port: 23.94.99.174:8080
- ip:port: 91.92.243.47:7004
- ip:port: 23.94.99.174:8081
- url: https://steamcommunity.com/profiles/76561198733506974
- url: https://pay.it-bd.com/
- url: https://pay.cardiffphysio.com/
- url: https://hro.it-bd.com/
- url: https://hro.cardiffphysio.com/
- url: https://ctl.it-bd.com/
- url: https://ctl.cardiffphysio.com/
- url: https://bis.jhotpot.com.bd/
- url: https://goo.jhotpot.com.bd/
- url: https://wib.jhotpot.com.bd/
- url: https://sps.jhotpot.com.bd/
- url: https://gtp.jhotpot.com.bd/
- url: https://ctl.jhotpot.com.bd/
- url: https://goo.cricket-matters.com/
- url: https://bis.cricket-matters.com/
- url: https://ttt.cricket-matters.com/
- url: https://wib.cricket-matters.com/
- url: https://sps.cricket-matters.com/
- url: https://gtp.cricket-matters.com/
- url: https://ctl.cricket-matters.com/
- url: https://95.216.251.55/
- url: https://95.217.50.17/
- url: https://74.0.32.131/
- url: https://74.0.32.127/
- url: https://74.0.32.81/
- url: https://46.225.128.252/
- url: https://95.216.251.51/
- url: https://46.225.140.51/
- url: https://74.0.48.26/
- url: https://91.99.21.118/
- url: https://95.217.50.16/
- url: https://138.226.237.195/
- url: https://95.216.251.53/
- url: https://207.180.58.180/
- url: https://77.42.49.74/
- url: https://74.0.48.62/
- url: https://95.216.251.52/
- url: https://65.108.21.223/
- url: https://89.167.51.54/
- url: https://74.0.48.135/
- url: https://74.0.48.55/
- url: https://74.0.48.183/
- url: https://74.0.32.197/
- url: https://74.0.32.233/
- url: https://207.180.58.177/
- url: https://74.0.48.140/
- url: https://138.226.237.185/
- domain: ctl.it-bd.com
- domain: ctl.cardiffphysio.com
- domain: hro.it-bd.com
- domain: hro.cardiffphysio.com
- domain: pay.it-bd.com
- domain: pay.cardiffphysio.com
- domain: bis.jhotpot.com.bd
- domain: goo.jhotpot.com.bd
- domain: wib.jhotpot.com.bd
- domain: sps.jhotpot.com.bd
- domain: gtp.jhotpot.com.bd
- domain: ctl.jhotpot.com.bd
- domain: goo.cricket-matters.com
- domain: bis.cricket-matters.com
- domain: ttt.cricket-matters.com
- domain: wib.cricket-matters.com
- domain: gtp.cricket-matters.com
- domain: ctl.cricket-matters.com
- ip:port: 95.216.251.55:443
- ip:port: 95.217.50.17:443
- ip:port: 74.0.32.131:443
- ip:port: 74.0.32.127:443
- ip:port: 74.0.42.183:443
- ip:port: 74.0.32.81:443
- ip:port: 46.225.128.252:443
- ip:port: 95.216.251.51:443
- ip:port: 46.225.140.51:443
- ip:port: 74.0.48.26:443
- ip:port: 91.99.21.118:443
- ip:port: 91.99.163.84:443
- ip:port: 95.217.50.16:443
- ip:port: 138.226.237.195:443
- ip:port: 95.216.251.53:443
- ip:port: 207.180.58.180:443
- ip:port: 77.42.49.74:443
- ip:port: 74.0.48.62:443
- ip:port: 95.216.251.52:443
- ip:port: 65.108.21.223:443
- ip:port: 74.0.48.25:443
- ip:port: 89.167.51.54:443
- ip:port: 74.0.48.135:443
- ip:port: 74.0.48.55:443
- ip:port: 74.0.48.183:443
- ip:port: 74.0.32.197:443
- ip:port: 74.0.32.233:443
- ip:port: 207.180.58.177:443
- ip:port: 74.0.48.140:443
- ip:port: 138.226.237.185:443
- ip:port: 135.181.117.114:443
- ip:port: 45.139.104.209:56002
- url: https://6nfk1oop2kry.xszc666.com/
- url: https://j7mki8.b3h5n3c0.work
- ip:port: 104.243.248.63:1800
- ip:port: 89.106.65.100:5555
- url: https://che.jhotpot.com.bd/
- url: https://che.cricket-matters.com/
- domain: che.jhotpot.com.bd
- domain: che.cricket-matters.com
- domain: www.delmontoyalogisticsllc.com
- domain: www.delmontoyalogisticsllc1.com
- domain: www.delmontoyalogisticsllc2.com
- domain: vudydhue.comedianmental.digital
- domain: dnvigv97.comedianmental.digital
- domain: blyatblyatblyatblyatblyat.icu
- domain: mustbemolly.com
- domain: mutternetz.de
- domain: 55gamee.com
- ip:port: 130.12.181.39:2404
- ip:port: 172.245.246.91:2404
- ip:port: 82.158.88.101:7000
- ip:port: 89.106.65.100:8443
- domain: muuseum.tostamaa.ee
- domain: zs5a7k6f.lickunsung.digital
- domain: jxx0qj1x.lickunsung.digital
- domain: merafondeur.com
- domain: dianganadores.duckdns.org
- domain: mwtinting.com
- domain: vdp.uk.com
- ip:port: 47.242.153.43:8443
- ip:port: 47.242.153.43:443
- ip:port: 89.106.65.100:34567
- ip:port: 103.44.90.113:46513
- ip:port: 103.39.16.251:20411
- ip:port: 103.39.16.245:20411
- ip:port: 103.39.16.228:20411
- ip:port: 103.39.16.233:20411
- ip:port: 103.39.16.249:20411
- ip:port: 103.39.16.234:20411
- ip:port: 103.39.16.230:20411
- ip:port: 103.39.16.225:20411
- ip:port: 103.39.16.239:20411
- ip:port: 103.39.16.253:20411
- ip:port: 23.235.177.9:23761
- ip:port: 103.39.16.231:20411
- ip:port: 176.191.216.232:80
- ip:port: 103.39.16.242:20411
- ip:port: 103.39.16.227:20411
- ip:port: 103.39.16.254:20411
- ip:port: 103.39.16.244:20411
- ip:port: 103.39.16.246:20411
- ip:port: 103.39.16.240:20411
- ip:port: 103.39.16.236:20411
- ip:port: 103.39.16.237:20411
- ip:port: 103.39.16.248:20411
- ip:port: 103.39.16.238:20411
- ip:port: 47.107.139.30:443
- ip:port: 103.39.16.243:20411
- ip:port: 103.39.16.247:20411
- ip:port: 103.39.16.229:20411
- ip:port: 80.97.160.68:3306
- ip:port: 103.39.16.232:20411
- ip:port: 103.39.16.235:20411
- ip:port: 103.39.16.226:20411
- ip:port: 103.39.16.250:20411
- ip:port: 43.240.239.254:20411
- ip:port: 103.39.16.252:20411
- ip:port: 38.175.200.150:80
- ip:port: 27.124.21.96:443
- ip:port: 93.127.138.239:2404
- ip:port: 130.12.181.40:2404
- ip:port: 5.101.86.24:2428
- ip:port: 172.94.100.226:29811
- ip:port: 185.221.215.196:2404
- ip:port: 5.101.86.53:2428
- ip:port: 149.50.96.57:8080
- ip:port: 163.172.39.176:80
- ip:port: 143.198.186.90:38656
- ip:port: 91.84.123.250:9000
- ip:port: 31.59.139.31:9000
- domain: www.nfokam9i.shop
- domain: www.pvoiv6vk.shop
- domain: www.uchvqxc8.shop
- domain: www.o8w9i1r0.shop
- domain: www.yw4ufrqo.shop
- domain: www.qqpw0z0r.shop
- domain: www.w62le3kb.shop
- domain: www.unokb9vc.shop
- domain: www.ysrmrhon.shop
- domain: www.pyjdhaie.shop
- domain: www.i7nf86tz.shop
- domain: www.qplzc7af.shop
- domain: www.u31jq3of.shop
- domain: www.lepx7nf8.shop
- domain: www.lqakk1dg.shop
- domain: www.mlicguwa.shop
- ip:port: 45.139.104.161:4782
- ip:port: 62.60.226.168:2222
- ip:port: 94.181.229.245:4782
- ip:port: 187.124.1.63:8443
- ip:port: 65.0.58.184:80
- ip:port: 171.236.84.112:443
- ip:port: 113.192.61.4:4449
- ip:port: 50.114.206.110:10134
- ip:port: 130.51.23.168:25565
- ip:port: 88.210.13.112:25565
- ip:port: 93.198.178.134:82
- ip:port: 64.225.123.12:7443
- ip:port: 45.38.42.197:81
- ip:port: 37.119.171.241:443
- ip:port: 80.71.224.166:80
- ip:port: 94.154.32.153:80
- ip:port: 45.76.48.155:4321
- ip:port: 168.245.203.38:3790
- ip:port: 168.245.203.76:3790
- ip:port: 103.177.46.19:3790
- ip:port: 51.17.22.44:790
- ip:port: 95.40.107.121:4679
- ip:port: 35.178.68.216:950
- ip:port: 35.178.68.216:7000
- ip:port: 35.178.68.216:11000
- ip:port: 35.178.68.216:18100
- ip:port: 58.244.40.227:10001
- ip:port: 5.189.189.14:4444
- ip:port: 103.54.153.177:60195
- ip:port: 107.175.206.36:8866
- url: http://107.175.206.36:8866/1ewp
- domain: rapidfilevault1.homes
- domain: rapidfilevault2.homes
- domain: rapidfilevault3.homes
- domain: rapidfilevault4.homes
- domain: rapidfilevault5.homes
- domain: s4xq03z7.slobodaspang.digital
- domain: ej41ykw1.slobodaspang.digital
- domain: saramoftah.com
- domain: amowdwt.cyou
- ip:port: 187.124.6.129:443
- ip:port: 62.164.177.230:443
- ip:port: 23.163.0.24:443
- domain: qnxzzwihawagrarx.globalgforce.com
- ip:port: 89.106.65.100:9034
- url: https://74.0.32.234/
- url: https://74.0.32.129/
- domain: zgrmktug.judaspapal.digital
- domain: h977pm9s.judaspapal.digital
- domain: reviewloading.t3.storage.dev
- domain: customblindinstall.com
- domain: berlinphysiotherapie.com
- domain: arayapps.cl
- domain: catalogocanjefideliza.amsd.cl
- domain: ceymox.xyz
- domain: coveney-ltd.com
- domain: mail.castlefordlocksmiths.co.uk
- domain: mail.fundacion-primavera.org
- domain: mcash.trumpcode.com
- domain: mail.kalantarilaw.com
- domain: sos-ch-gva-2.exo.io
- domain: walwood.be
- domain: inheritance-claims-portal-32792.com
- domain: goansgsr.shop
- domain: verify-slack.com
- domain: socheaphost.com
- domain: dblanka.com
- domain: digiskillzz.com
- domain: gatepass-corp.com
- domain: binadata.com
- domain: admin.ilygold.com
- domain: asgwellness.korrakang.com
- domain: demo14.netbazaarbd.com
- domain: ddledu.dev.sugaweb.com
- domain: celik.bewapps.com
- domain: goldnews24h.com.yemint.com
- domain: funpasta.webdevlink.com
- domain: willlog7.com
- domain: wehouse.au
- domain: tenabl.io
- domain: visa.ourdubaitravel.com
- domain: sales.activemedicaresolutions.com
- domain: nouralhalaby.com
- domain: newsite.jacquiejordan.com
- domain: mail.diskopumkm-minahasa.my.id
- domain: mail.istar-vip.com
- domain: securelearn.co
- domain: senioryuyu.com
- domain: wurk.africa
- domain: mail.panorama-g.com
- domain: mail.domonova.co.ao
- domain: 3iss-online.3iss-online.com.br
- domain: 99idesign.com
- domain: aksafil.ru
- domain: africaexports.click
- domain: cavallotech.de.businessecontact.com
- domain: cammy-freelance.com
- domain: cpcontacts.centrocirugiaplastica.com
- domain: edgenroots.net
- domain: gia5.ru
- domain: hitokara-kishin.com
- domain: horodniany.pl
- domain: lafabri-k.com
- domain: mail.e1staffingandrecruiting.com
- domain: mail.mamahdannirwana.com
- domain: kinugort.ru
- domain: mebelinki.ru
- domain: wp.retirevillage.com
- domain: saboresdomalte.com.br
- domain: zoolatours.com
- domain: zestsolar.pt
- domain: viraghagymafesztival.hu
- domain: videoo.fit
- domain: toyama-housenavi.net
- domain: toolspro.su
- domain: traqc.net
- domain: sleeve.diamantflex.com
- domain: ragdoll-blog.online
- domain: edition-daily.sa.com
- domain: au88.gr.com
- domain: au88.jp.net
- domain: auif.sa.com
- domain: ausieslots.za.com
- domain: emfoot.sa.com
- domain: mystery.co.com
- domain: uit.co.com
- domain: usk.co.com
- domain: fm.radio.fm
- domain: icbd.co.com
- domain: katana.jp.net
- domain: libell.jp.net
- domain: xbqj.sa.com
- domain: teensuicide-48670.portmap.host
- ip:port: 94.154.32.18:8383
- domain: unease-liens.with.playit.plus
- url: https://achandograca.com/7f4d.js
- domain: achandograca.com
- url: https://achandograca.com/js.php
- domain: gamepinxjzr.com
- url: https://gamepinxjzr.com/data.php
- url: https://gamepinxjzr.com/data.zip
- url: https://gamepinxjzr.com/test.php
- url: https://gamepinxjzr.com/configpack.zip
- url: https://gamepinxjzr.com/helpu.php
- url: https://gamepinxjzr.com/server.php
- ip:port: 104.243.248.63:1801
- ip:port: 89.106.65.100:8080
- domain: montefer.com
- domain: lpmdiseno.com
- ip:port: 8.162.1.240:10086
- ip:port: 47.84.31.220:443
- ip:port: 91.202.233.57:9000
- ip:port: 16.112.189.111:56020
- url: https://bst.jhotpot.com.bd/
- url: https://bst.cricket-matters.com/
- domain: bst.jhotpot.com.bd
- domain: bst.cricket-matters.com
- domain: c1js1obl.eighteenshuga.digital
- domain: njpv91f5.eighteenshuga.digital
- domain: ltnworld.com
- ip:port: 116.203.167.195:443
- ip:port: 91.211.251.249:443
- domain: av-srvcn.com
- domain: bozorki.com
- domain: homokiddo.com
- domain: mndtrprcs.com
- domain: nokolers.com
- domain: okolosedal.com
- domain: rentalcentrals.com
- domain: srvcmandatory.com
- domain: srvc-av.com
- domain: hotelsyscheck.com
- domain: mandatoryhotel.com
- domain: localsrvcs.com
- domain: hotelupdatesys.com
- domain: channelmanagerpms.com
- domain: hotelservicemonitor.com
- domain: hotelcncts.com
- domain: srvc-mcrst.com
- domain: chrm-srv.com
- domain: ms-scedg.com
- domain: bookstablesoon.com
- domain: stayonbokablesol.com
- domain: jakkakaskakasj.com
- domain: asjkfalasfkaksflalaf.com
- domain: boksopable.com
- domain: bukpuka.com
- domain: jasjdpoekkqwda.com
- domain: jaskfakfafasjfafkasfkakfaasw.com
- domain: t4305hzn.gastronsyriansky.digital
- domain: ni3h0x2y.gastronsyriansky.digital
- domain: lucia-stone.com
- domain: luciannethais.com
- domain: ninja-browser.it.com
- domain: isc.it.com
- domain: qik.it.com
- domain: pragmaticplay.it.com
- domain: establishment.uk.com
- domain: jhv.uk.com
- domain: healthmatters.eu.com
- domain: 02070op.uk.com
- domain: itu.us.com
- domain: tr88.br.com
- domain: npa.uk.com
- domain: sg1.localto.net
- ip:port: 140.245.10.127:7727
- domain: brasserieontarioaube.com
- domain: lujanyleon.graficaleon.com
- domain: lukasbartos.cz
- domain: lumdokolola.nicolasalliot.com
- domain: lummondo.com
- domain: lunamedios.com.ar
- ip:port: 43.134.52.221:22443
- ip:port: 147.45.69.34:4443
- ip:port: 15.216.14.131:43
- ip:port: 23.26.129.38:24045
- domain: lunkenbuilding.com
- domain: lux-improvement.nl
- domain: lvrehc.com
- domain: lydianpayments.com
- domain: lynn.nutmeg.com.au
- domain: lynne.windley.org
- domain: luxcocinas.com
- ip:port: 154.92.16.22:22311
- domain: atex.xoilaczhx.tv
- domain: backup.xoilaczhx.tv
- domain: data.xoilaczhx.tv
- domain: ddos.xoilaczhx.tv
- domain: malware.xoilaczhx.tv
- domain: phishing.xoilaczhx.tv
- domain: quantri.xoilaczhx.tv
- domain: v2.xoilaczhx.tv
- domain: v3.xoilaczhx.tv
- domain: atex.barefootblonde.com
- domain: backup.barefootblonde.com
- domain: data.barefootblonde.com
- domain: ddos.barefootblonde.com
- domain: malware.barefootblonde.com
- domain: phishing.barefootblonde.com
- domain: quantri.barefootblonde.com
- domain: v2.barefootblonde.com
- domain: v3.barefootblonde.com
- domain: atex.xoilacztx.tv
- domain: backup.xoilacztx.tv
- domain: data.xoilacztx.tv
- domain: ddos.xoilacztx.tv
- domain: malware.xoilacztx.tv
- domain: phishing.xoilacztx.tv
- domain: quantri.xoilacztx.tv
- domain: v2.xoilacztx.tv
- domain: v3.xoilacztx.tv
- domain: atex.gmo-compass.org
- domain: backup.gmo-compass.org
- domain: data.gmo-compass.org
- domain: ddos.gmo-compass.org
- domain: malware.gmo-compass.org
- domain: phishing.gmo-compass.org
- domain: quantri.gmo-compass.org
- domain: v2.gmo-compass.org
- domain: v3.gmo-compass.org
- ip:port: 46.183.218.150:42830
- domain: lwgconsulting.net
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 96705117-0818-4d04-9b1f-38512216c94b
- Original Timestamp: 1772496186
Indicators of Compromise
Domain
| Value | Description |
|---|---|
| 78smp.com | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| satanc2.top | Mirai botnet C2 domain (confidence level: 50%) |
| mount-atlas.de | StrelaStealer payload delivery domain (confidence level: 100%) |
| movetorecover.be | StrelaStealer payload delivery domain (confidence level: 100%) |
| mradsafety.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| mrbdl.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| mrpc.pramnos.net | StrelaStealer payload delivery domain (confidence level: 100%) |
| ms-landtechnik.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| msi.marketstockindo.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| msicpl.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| vid-crypto-assess.com | ClearFake botnet C2 domain (confidence level: 75%) |
| assessiohq.com | ClearFake botnet C2 domain (confidence level: 75%) |
| blockassess.com | ClearFake botnet C2 domain (confidence level: 75%) |
| blockchainjobassessment.com | ClearFake botnet C2 domain (confidence level: 75%) |
| blockchainjobhub.com | ClearFake botnet C2 domain (confidence level: 75%) |
| candidateinsightinfo.com | ClearFake botnet C2 domain (confidence level: 75%) |
| coinbase-walet.biz | ClearFake botnet C2 domain (confidence level: 75%) |
| coinbase-walet.me | ClearFake botnet C2 domain (confidence level: 75%) |
| competency-core.com | ClearFake botnet C2 domain (confidence level: 75%) |
| devchallengehq.com | ClearFake botnet C2 domain (confidence level: 75%) |
| evalassesso.com | ClearFake botnet C2 domain (confidence level: 75%) |
| evalswift.com | ClearFake botnet C2 domain (confidence level: 75%) |
| quickskill-review.com | ClearFake botnet C2 domain (confidence level: 75%) |
| jobinterview360.com | ClearFake botnet C2 domain (confidence level: 75%) |
| livehirehub.com | ClearFake botnet C2 domain (confidence level: 75%) |
| talenthiring360.com | ClearFake botnet C2 domain (confidence level: 75%) |
| quickassessio.com | ClearFake botnet C2 domain (confidence level: 75%) |
| quickhire360.com | ClearFake botnet C2 domain (confidence level: 75%) |
| quickinterview360.com | ClearFake botnet C2 domain (confidence level: 75%) |
| eskillprof.com | ClearFake botnet C2 domain (confidence level: 75%) |
| evalvidz.com | ClearFake botnet C2 domain (confidence level: 75%) |
| intervwolf.com | ClearFake botnet C2 domain (confidence level: 75%) |
| vidcruiterinterview.com | ClearFake botnet C2 domain (confidence level: 75%) |
| vidcruitermaster.com | ClearFake botnet C2 domain (confidence level: 75%) |
| vidintermaster.com | ClearFake botnet C2 domain (confidence level: 75%) |
| skillhiretrack.com | ClearFake botnet C2 domain (confidence level: 75%) |
| skillprooflab.com | ClearFake botnet C2 domain (confidence level: 75%) |
| talentcheck.pro | ClearFake botnet C2 domain (confidence level: 75%) |
| talentsnaptest.com | ClearFake botnet C2 domain (confidence level: 75%) |
| talentview360.com | ClearFake botnet C2 domain (confidence level: 75%) |
| test-wolf.com | ClearFake botnet C2 domain (confidence level: 75%) |
| toptalentassess.com | ClearFake botnet C2 domain (confidence level: 75%) |
| ugethired360.com | ClearFake botnet C2 domain (confidence level: 75%) |
| vidassess360.com | ClearFake botnet C2 domain (confidence level: 75%) |
| vidassesspro.com | ClearFake botnet C2 domain (confidence level: 75%) |
| videorecruitpro.com | ClearFake botnet C2 domain (confidence level: 75%) |
| vidhirehub.com | ClearFake botnet C2 domain (confidence level: 75%) |
| zenspiretech.com | ClearFake botnet C2 domain (confidence level: 75%) |
| smartdriverfix.cloud | ClearFake botnet C2 domain (confidence level: 75%) |
| webcamdrivers.cloud | ClearFake botnet C2 domain (confidence level: 75%) |
| webcamwizard.cloud | ClearFake botnet C2 domain (confidence level: 75%) |
| camdriversupport.com | ClearFake botnet C2 domain (confidence level: 75%) |
| camera-drive.org | ClearFake botnet C2 domain (confidence level: 75%) |
| camtechdrivers.com | ClearFake botnet C2 domain (confidence level: 75%) |
| drivercams.cloud | ClearFake botnet C2 domain (confidence level: 75%) |
| drive-release.cloud | ClearFake botnet C2 domain (confidence level: 75%) |
| web-cam.cloud | ClearFake botnet C2 domain (confidence level: 75%) |
| bksrvcs.sbs | ClearFake botnet C2 domain (confidence level: 100%) |
| confirmation-reserv.com | ClearFake botnet C2 domain (confidence level: 100%) |
| heuenis.direct.quickconnect.to | ClearFake botnet C2 domain (confidence level: 100%) |
| er0dbme.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| vgsshop.vn | AsyncRAT botnet C2 domain (confidence level: 100%) |
| intercontinentalphuquoc.vn | AsyncRAT botnet C2 domain (confidence level: 100%) |
| juggle.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| mugsandpuddles.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| muhancorp.gabia.io | StrelaStealer payload delivery domain (confidence level: 100%) |
| multicanaltvcali.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| ciatranoler.za.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| fb88i.dev | AsyncRAT botnet C2 domain (confidence level: 100%) |
| rpv.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| wifi.eu.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| logspot.aktuel.cloud | StrelaStealer payload delivery domain (confidence level: 100%) |
| lomboking.com | StrelaStealer payload delivery domain (confidence level: 100%) |
| 7lj1il64.grosstable.digital | ClearFake payload delivery domain (confidence level: 100%) |
| 20t2lqnx.grosstable.digital | ClearFake payload delivery domain (confidence level: 100%) |
| bagcare.space | Unknown Loader botnet C2 domain (confidence level: 100%) |
| gunbear.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) |
| birthdaymagic.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) |
| passengerbrake.space | Unknown Loader botnet C2 domain (confidence level: 100%) |
| townquiver.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) |
| anonymous5334.duckdns.org | DarkComet botnet C2 domain (confidence level: 50%) |
| 73bet.app | DCRat botnet C2 domain (confidence level: 50%) |
| km-ok365.site | DCRat botnet C2 domain (confidence level: 50%) |
| imsorrydidhejustsayhislastnameisburgur.vietnamddns.com | Mirai botnet C2 domain (confidence level: 50%) |
| free-represents.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 50%) |
| bootstrap.jqu3ry.cfd | AdaptixC2 botnet C2 domain (confidence level: 100%) |
| 406nf3za.immunizeoot.digital | ClearFake payload delivery domain (confidence level: 100%) |
| wpc99gxs.immunizeoot.digital | ClearFake payload delivery domain (confidence level: 100%) |
| sps.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) |
| ofegofo.biz | Unknown malware botnet C2 domain (confidence level: 50%) |
| niggerniggerniggerniggerniggernigger.icu | Unknown malware botnet C2 domain (confidence level: 100%) |
domainctl.it-bd.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainctl.cardiffphysio.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainhro.it-bd.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainhro.cardiffphysio.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainpay.it-bd.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainpay.cardiffphysio.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainbis.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domaingoo.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domainwib.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domainsps.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domaingtp.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domainctl.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domaingoo.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainbis.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainttt.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainwib.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domaingtp.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainctl.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainche.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domainche.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainwww.delmontoyalogisticsllc.com | Remcos botnet C2 domain (confidence level: 75%) | |
domainwww.delmontoyalogisticsllc1.com | Remcos botnet C2 domain (confidence level: 75%) | |
domainwww.delmontoyalogisticsllc2.com | Remcos botnet C2 domain (confidence level: 75%) | |
domainvudydhue.comedianmental.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domaindnvigv97.comedianmental.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainblyatblyatblyatblyatblyat.icu | SantaStealer botnet C2 domain (confidence level: 100%) | |
domainmustbemolly.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainmutternetz.de | StrelaStealer payload delivery domain (confidence level: 100%) | |
domain55gamee.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmuuseum.tostamaa.ee | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainzs5a7k6f.lickunsung.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainjxx0qj1x.lickunsung.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainmerafondeur.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaindianganadores.duckdns.org | XWorm botnet C2 domain (confidence level: 75%) | |
domainmwtinting.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainvdp.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainwww.nfokam9i.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.pvoiv6vk.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.uchvqxc8.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.o8w9i1r0.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.yw4ufrqo.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.qqpw0z0r.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.w62le3kb.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.unokb9vc.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.ysrmrhon.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.pyjdhaie.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.i7nf86tz.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.qplzc7af.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.u31jq3of.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.lepx7nf8.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.lqakk1dg.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.mlicguwa.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrapidfilevault1.homes | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainrapidfilevault2.homes | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainrapidfilevault3.homes | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainrapidfilevault4.homes | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainrapidfilevault5.homes | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domains4xq03z7.slobodaspang.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainej41ykw1.slobodaspang.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainsaramoftah.com | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainamowdwt.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainqnxzzwihawagrarx.globalgforce.com | AdaptixC2 botnet C2 domain (confidence level: 100%) | |
domainzgrmktug.judaspapal.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainh977pm9s.judaspapal.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainreviewloading.t3.storage.dev | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincustomblindinstall.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainberlinphysiotherapie.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainarayapps.cl | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincatalogocanjefideliza.amsd.cl | IClickFix botnet C2 domain (confidence level: 75%) | |
domainceymox.xyz | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincoveney-ltd.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.castlefordlocksmiths.co.uk | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.fundacion-primavera.org | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmcash.trumpcode.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.kalantarilaw.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsos-ch-gva-2.exo.io | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwalwood.be | IClickFix botnet C2 domain (confidence level: 75%) | |
domaininheritance-claims-portal-32792.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaingoansgsr.shop | IClickFix botnet C2 domain (confidence level: 75%) | |
domainverify-slack.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsocheaphost.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaindblanka.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaindigiskillzz.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaingatepass-corp.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainbinadata.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainadmin.ilygold.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainasgwellness.korrakang.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaindemo14.netbazaarbd.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainddledu.dev.sugaweb.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincelik.bewapps.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaingoldnews24h.com.yemint.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainfunpasta.webdevlink.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwilllog7.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwehouse.au | IClickFix botnet C2 domain (confidence level: 75%) | |
domaintenabl.io | IClickFix botnet C2 domain (confidence level: 75%) | |
domainvisa.ourdubaitravel.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsales.activemedicaresolutions.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainnouralhalaby.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainnewsite.jacquiejordan.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.diskopumkm-minahasa.my.id | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.istar-vip.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsecurelearn.co | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsenioryuyu.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwurk.africa | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.panorama-g.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.domonova.co.ao | IClickFix botnet C2 domain (confidence level: 75%) | |
domain3iss-online.3iss-online.com.br | IClickFix botnet C2 domain (confidence level: 75%) | |
domain99idesign.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainaksafil.ru | IClickFix botnet C2 domain (confidence level: 75%) | |
domainafricaexports.click | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincavallotech.de.businessecontact.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincammy-freelance.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domaincpcontacts.centrocirugiaplastica.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainedgenroots.net | IClickFix botnet C2 domain (confidence level: 75%) | |
domaingia5.ru | IClickFix botnet C2 domain (confidence level: 75%) | |
domainhitokara-kishin.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainhorodniany.pl | IClickFix botnet C2 domain (confidence level: 75%) | |
domainlafabri-k.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.e1staffingandrecruiting.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmail.mamahdannirwana.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainkinugort.ru | IClickFix botnet C2 domain (confidence level: 75%) | |
domainmebelinki.ru | IClickFix botnet C2 domain (confidence level: 75%) | |
domainwp.retirevillage.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsaboresdomalte.com.br | IClickFix botnet C2 domain (confidence level: 75%) | |
domainzoolatours.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainzestsolar.pt | IClickFix botnet C2 domain (confidence level: 75%) | |
domainviraghagymafesztival.hu | IClickFix botnet C2 domain (confidence level: 75%) | |
domainvideoo.fit | IClickFix botnet C2 domain (confidence level: 75%) | |
domaintoyama-housenavi.net | IClickFix botnet C2 domain (confidence level: 75%) | |
domaintoolspro.su | IClickFix botnet C2 domain (confidence level: 75%) | |
domaintraqc.net | IClickFix botnet C2 domain (confidence level: 75%) | |
domainsleeve.diamantflex.com | IClickFix botnet C2 domain (confidence level: 75%) | |
domainragdoll-blog.online | IClickFix botnet C2 domain (confidence level: 75%) | |
domainedition-daily.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainau88.gr.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainau88.jp.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainauif.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainausieslots.za.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainemfoot.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmystery.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainuit.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainusk.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainfm.radio.fm | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainicbd.co.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainkatana.jp.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainlibell.jp.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainxbqj.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainteensuicide-48670.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainunease-liens.with.playit.plus | XWorm botnet C2 domain (confidence level: 100%) | |
domainachandograca.com | KongTuke payload delivery domain (confidence level: 100%) | |
domaingamepinxjzr.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainmontefer.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlpmdiseno.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainbst.jhotpot.com.bd | Vidar botnet C2 domain (confidence level: 100%) | |
domainbst.cricket-matters.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainc1js1obl.eighteenshuga.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainnjpv91f5.eighteenshuga.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainltnworld.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainav-srvcn.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainbozorki.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainhomokiddo.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainmndtrprcs.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainnokolers.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainokolosedal.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainrentalcentrals.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainsrvcmandatory.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainsrvc-av.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainhotelsyscheck.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainmandatoryhotel.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainlocalsrvcs.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainhotelupdatesys.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainchannelmanagerpms.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainhotelservicemonitor.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainhotelcncts.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainsrvc-mcrst.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainchrm-srv.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainms-scedg.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainbookstablesoon.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainstayonbokablesol.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainjakkakaskakasj.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainasjkfalasfkaksflalaf.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainboksopable.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainbukpuka.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainjasjdpoekkqwda.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainjaskfakfafasjfafkasfkakfaasw.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domaint4305hzn.gastronsyriansky.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainni3h0x2y.gastronsyriansky.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domainlucia-stone.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainluciannethais.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainninja-browser.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainisc.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainqik.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainpragmaticplay.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainestablishment.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainjhv.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainhealthmatters.eu.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domain02070op.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainitu.us.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaintr88.br.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainnpa.uk.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsg1.localto.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainbrasserieontarioaube.com | DeerStealer botnet C2 domain (confidence level: 100%) | |
domainlujanyleon.graficaleon.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlukasbartos.cz | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlumdokolola.nicolasalliot.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlummondo.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlunamedios.com.ar | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlunkenbuilding.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlux-improvement.nl | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlvrehc.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlydianpayments.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlynn.nutmeg.com.au | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlynne.windley.org | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainluxcocinas.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainatex.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainbackup.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaindata.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainddos.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmalware.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainphishing.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainquantri.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv2.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv3.xoilaczhx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainatex.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainbackup.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaindata.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainddos.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmalware.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainphishing.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainquantri.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv2.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv3.barefootblonde.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainatex.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainbackup.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaindata.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainddos.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmalware.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainphishing.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainquantri.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv2.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv3.xoilacztx.tv | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainatex.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainbackup.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaindata.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainddos.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmalware.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainphishing.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainquantri.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv2.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainv3.gmo-compass.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainlwgconsulting.net | StrelaStealer payload delivery domain (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
| 137.184.215.213 | Aisuru botnet C2 server (confidence level: 100%) | |
| 156.239.225.187 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 31.57.216.44 | Remcos botnet C2 server (confidence level: 100%) | |
| 47.239.240.171 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 180.76.111.89 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 1.94.186.19 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 150.241.73.11 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 59.110.166.104 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 192.52.242.73 | Unknown malware botnet C2 server (confidence level: 75%) | |
| 185.121.235.118 | Amatera botnet C2 server (confidence level: 75%) | |
| 77.238.228.60 | Amatera botnet C2 server (confidence level: 75%) | |
| 104.21.63.144 | DCRat botnet C2 server (confidence level: 50%) | |
| 172.67.146.169 | DCRat botnet C2 server (confidence level: 50%) | |
| 176.65.132.10 | XWorm botnet C2 server (confidence level: 50%) | |
| 45.94.31.59 | Unknown RAT botnet C2 server (confidence level: 75%) | |
| 89.106.65.100 | Aisuru botnet C2 server (confidence level: 100%) | |
| 91.92.241.10 | Unknown malware botnet C2 server (confidence level: 75%) | |
| 23.94.99.174 | Unknown malware botnet C2 server (confidence level: 75%) | |
| 91.92.243.47 | Unknown malware botnet C2 server (confidence level: 75%) | |
| 95.216.251.55 | Vidar botnet C2 server (confidence level: 100%) | |
| 95.217.50.17 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.32.131 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.32.127 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.42.183 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.32.81 | Vidar botnet C2 server (confidence level: 100%) | |
| 46.225.128.252 | Vidar botnet C2 server (confidence level: 100%) | |
| 95.216.251.51 | Vidar botnet C2 server (confidence level: 100%) | |
| 46.225.140.51 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.48.26 | Vidar botnet C2 server (confidence level: 100%) | |
| 91.99.21.118 | Vidar botnet C2 server (confidence level: 100%) | |
| 91.99.163.84 | Vidar botnet C2 server (confidence level: 100%) | |
| 95.217.50.16 | Vidar botnet C2 server (confidence level: 100%) | |
| 138.226.237.195 | Vidar botnet C2 server (confidence level: 100%) | |
| 95.216.251.53 | Vidar botnet C2 server (confidence level: 100%) | |
| 207.180.58.180 | Vidar botnet C2 server (confidence level: 100%) | |
| 77.42.49.74 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.48.62 | Vidar botnet C2 server (confidence level: 100%) | |
| 95.216.251.52 | Vidar botnet C2 server (confidence level: 100%) | |
| 65.108.21.223 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.48.25 | Vidar botnet C2 server (confidence level: 100%) | |
| 89.167.51.54 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.48.135 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.48.55 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.48.183 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.32.197 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.32.233 | Vidar botnet C2 server (confidence level: 100%) | |
| 207.180.58.177 | Vidar botnet C2 server (confidence level: 100%) | |
| 74.0.48.140 | Vidar botnet C2 server (confidence level: 100%) | |
| 138.226.237.185 | Vidar botnet C2 server (confidence level: 100%) | |
| 135.181.117.114 | Vidar botnet C2 server (confidence level: 100%) | |
| 45.139.104.209 | PureRAT botnet C2 server (confidence level: 75%) | |
| 104.243.248.63 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 130.12.181.39 | Remcos botnet C2 server (confidence level: 100%) | |
| 172.245.246.91 | Remcos botnet C2 server (confidence level: 100%) | |
| 82.158.88.101 | XWorm botnet C2 server (confidence level: 100%) | |
| 47.242.153.43 | ValleyRAT botnet C2 server (confidence level: 100%) | |
| 103.44.90.113 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.245 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.228 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.233 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.249 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.225 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.253 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 23.235.177.9 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.231 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 176.191.216.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.242 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.244 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.240 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.236 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.248 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 47.107.139.30 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.247 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.229 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 80.97.160.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.226 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.250 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 43.240.239.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 103.39.16.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 38.175.200.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 27.124.21.96 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 93.127.138.239 | Remcos botnet C2 server (confidence level: 100%) | |
| 130.12.181.40 | Remcos botnet C2 server (confidence level: 100%) | |
| 5.101.86.24 | Remcos botnet C2 server (confidence level: 100%) | |
| 172.94.100.226 | Remcos botnet C2 server (confidence level: 100%) | |
| 185.221.215.196 | Remcos botnet C2 server (confidence level: 100%) | |
| 5.101.86.53 | Remcos botnet C2 server (confidence level: 100%) | |
| 149.50.96.57 | Remcos botnet C2 server (confidence level: 100%) | |
| 163.172.39.176 | Sliver botnet C2 server (confidence level: 100%) | |
| 143.198.186.90 | Sliver botnet C2 server (confidence level: 100%) | |
| 91.84.123.250 | SectopRAT botnet C2 server (confidence level: 100%) | |
| 31.59.139.31 | SectopRAT botnet C2 server (confidence level: 100%) | |
| 45.139.104.161 | Quasar RAT botnet C2 server (confidence level: 100%) | |
| 62.60.226.168 | Quasar RAT botnet C2 server (confidence level: 100%) | |
| 94.181.229.245 | Quasar RAT botnet C2 server (confidence level: 100%) | |
| 187.124.1.63 | Havoc botnet C2 server (confidence level: 100%) | |
| 65.0.58.184 | Havoc botnet C2 server (confidence level: 100%) | |
| 171.236.84.112 | Havoc botnet C2 server (confidence level: 100%) | |
| 113.192.61.4 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 50.114.206.110 | Orcus RAT botnet C2 server (confidence level: 100%) | |
| 130.51.23.168 | Orcus RAT botnet C2 server (confidence level: 100%) | |
| 88.210.13.112 | Orcus RAT botnet C2 server (confidence level: 100%) | |
| 93.198.178.134 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 64.225.123.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 45.38.42.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 37.119.171.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 80.71.224.166 | Bashlite botnet C2 server (confidence level: 100%) | |
| 94.154.32.153 | Bashlite botnet C2 server (confidence level: 100%) | |
| 45.76.48.155 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
| 168.245.203.38 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 168.245.203.76 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 103.177.46.19 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 51.17.22.44 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 95.40.107.121 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 35.178.68.216 | Meterpreter botnet C2 server (confidence level: 100%) | |
file35.178.68.216 | Meterpreter botnet C2 server (confidence level: 100%) | |
file35.178.68.216 | Meterpreter botnet C2 server (confidence level: 100%) | |
file35.178.68.216 | Meterpreter botnet C2 server (confidence level: 100%) | |
file58.244.40.227 | Meterpreter botnet C2 server (confidence level: 100%) | |
file5.189.189.14 | Meterpreter botnet C2 server (confidence level: 100%) | |
file103.54.153.177 | Mirai botnet C2 server (confidence level: 100%) | |
file107.175.206.36 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file187.124.6.129 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file62.164.177.230 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file23.163.0.24 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file89.106.65.100 | Aisuru botnet C2 server (confidence level: 100%) | |
file94.154.32.18 | XWorm botnet C2 server (confidence level: 100%) | |
file104.243.248.63 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file89.106.65.100 | Aisuru botnet C2 server (confidence level: 100%) | |
file8.162.1.240 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.84.31.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.202.233.57 | SectopRAT botnet C2 server (confidence level: 100%) | |
file16.112.189.111 | Meterpreter botnet C2 server (confidence level: 100%) | |
file116.203.167.195 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file91.211.251.249 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file140.245.10.127 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file43.134.52.221 | Havoc botnet C2 server (confidence level: 100%) | |
file147.45.69.34 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file15.216.14.131 | Meterpreter botnet C2 server (confidence level: 100%) | |
file23.26.129.38 | Remcos botnet C2 server (confidence level: 100%) | |
file154.92.16.22 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file46.183.218.150 | Remcos botnet C2 server (confidence level: 100%) |
Port
The values in this table are not hashes. They are the destination ports of the ip:port indicators in the IP address table above, listed in the same order, so the n-th port belongs to the n-th address (for example 107.175.206.36, Cobalt Strike, pairs with port 8866, which also appears in the URL http://107.175.206.36:8866/1ewp below). An address that appears more than once in the IP table is a distinct indicator on each listed port.
| Port | Description |
|---|---|
| 8443 | Aisuru botnet C2 server (confidence level: 100%) |
| 44550 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 4443 | Unknown malware botnet C2 server (confidence level: 75%) |
| 443 | Amatera botnet C2 server (confidence level: 75%) |
| 443 | Amatera botnet C2 server (confidence level: 75%) |
| 4782 | DCRat botnet C2 server (confidence level: 50%) |
| 6060 | DCRat botnet C2 server (confidence level: 50%) |
| 8080 | DCRat botnet C2 server (confidence level: 50%) |
| 4782 | DCRat botnet C2 server (confidence level: 50%) |
| 6060 | DCRat botnet C2 server (confidence level: 50%) |
| 8080 | DCRat botnet C2 server (confidence level: 50%) |
| 6000 | XWorm botnet C2 server (confidence level: 50%) |
| 443 | Unknown RAT botnet C2 server (confidence level: 75%) |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) |
| 8880 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 7004 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8081 | Unknown malware botnet C2 server (confidence level: 75%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 56002 | PureRAT botnet C2 server (confidence level: 75%) |
| 1800 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 5555 | Aisuru botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 7000 | XWorm botnet C2 server (confidence level: 100%) |
| 8443 | Aisuru botnet C2 server (confidence level: 100%) |
| 8443 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 443 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 34567 | Aisuru botnet C2 server (confidence level: 100%) |
| 46513 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23761 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 3306 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20411 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 2428 | Remcos botnet C2 server (confidence level: 100%) |
| 29811 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 2428 | Remcos botnet C2 server (confidence level: 100%) |
| 8080 | Remcos botnet C2 server (confidence level: 100%) |
| 80 | Sliver botnet C2 server (confidence level: 100%) |
| 38656 | Sliver botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 2222 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 8443 | Havoc botnet C2 server (confidence level: 100%) |
| 80 | Havoc botnet C2 server (confidence level: 100%) |
| 443 | Havoc botnet C2 server (confidence level: 100%) |
| 4449 | Venom RAT botnet C2 server (confidence level: 100%) |
| 10134 | Orcus RAT botnet C2 server (confidence level: 100%) |
| 25565 | Orcus RAT botnet C2 server (confidence level: 100%) |
| 25565 | Orcus RAT botnet C2 server (confidence level: 100%) |
| 82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 81 | Unknown malware botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | Bashlite botnet C2 server (confidence level: 100%) |
| 80 | Bashlite botnet C2 server (confidence level: 100%) |
| 4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 4679 | Meterpreter botnet C2 server (confidence level: 100%) |
| 950 | Meterpreter botnet C2 server (confidence level: 100%) |
| 7000 | Meterpreter botnet C2 server (confidence level: 100%) |
| 11000 | Meterpreter botnet C2 server (confidence level: 100%) |
| 18100 | Meterpreter botnet C2 server (confidence level: 100%) |
| 10001 | Meterpreter botnet C2 server (confidence level: 100%) |
| 4444 | Meterpreter botnet C2 server (confidence level: 100%) |
| 60195 | Mirai botnet C2 server (confidence level: 100%) |
| 8866 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 443 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 9034 | Aisuru botnet C2 server (confidence level: 100%) |
| 8383 | XWorm botnet C2 server (confidence level: 100%) |
| 1801 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 8080 | Aisuru botnet C2 server (confidence level: 100%) |
| 10086 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 56020 | Meterpreter botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 7727 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 22443 | Havoc botnet C2 server (confidence level: 100%) |
| 4443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 43 | Meterpreter botnet C2 server (confidence level: 100%) |
| 24045 | Remcos botnet C2 server (confidence level: 100%) |
| 22311 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 42830 | Remcos botnet C2 server (confidence level: 100%) |
URL
| URL | Description |
|---|---|
| https://74.0.48.25/ | Vidar botnet C2 (confidence level: 100%) |
| https://pastebin.com/raw/rq7ymk0w | XWorm botnet C2 (confidence level: 50%) |
| https://telegram.me/m0r5hl | Vidar botnet C2 (confidence level: 50%) |
| https://steamcommunity.com/profiles/76561198733506974 | Vidar botnet C2 (confidence level: 100%) |
| https://pay.it-bd.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://pay.cardiffphysio.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://hro.it-bd.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://hro.cardiffphysio.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://ctl.it-bd.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://ctl.cardiffphysio.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://bis.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://goo.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://wib.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://sps.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://gtp.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://ctl.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://goo.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://bis.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://ttt.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://wib.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://sps.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://gtp.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://ctl.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.216.251.55/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.217.50.17/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.32.131/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.32.127/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.32.81/ | Vidar botnet C2 (confidence level: 100%) |
| https://46.225.128.252/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.216.251.51/ | Vidar botnet C2 (confidence level: 100%) |
| https://46.225.140.51/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.48.26/ | Vidar botnet C2 (confidence level: 100%) |
| https://91.99.21.118/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.217.50.16/ | Vidar botnet C2 (confidence level: 100%) |
| https://138.226.237.195/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.216.251.53/ | Vidar botnet C2 (confidence level: 100%) |
| https://207.180.58.180/ | Vidar botnet C2 (confidence level: 100%) |
| https://77.42.49.74/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.48.62/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.216.251.52/ | Vidar botnet C2 (confidence level: 100%) |
| https://65.108.21.223/ | Vidar botnet C2 (confidence level: 100%) |
| https://89.167.51.54/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.48.135/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.48.55/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.48.183/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.32.197/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.32.233/ | Vidar botnet C2 (confidence level: 100%) |
| https://207.180.58.177/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.48.140/ | Vidar botnet C2 (confidence level: 100%) |
| https://138.226.237.185/ | Vidar botnet C2 (confidence level: 100%) |
| https://6nfk1oop2kry.xszc666.com/ | Unknown malware botnet C2 (confidence level: 50%) |
| https://j7mki8.b3h5n3c0.work | Unknown malware botnet C2 (confidence level: 50%) |
| https://che.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://che.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
| http://107.175.206.36:8866/1ewp | Cobalt Strike botnet C2 (confidence level: 75%) |
| https://74.0.32.234/ | Vidar botnet C2 (confidence level: 100%) |
| https://74.0.32.129/ | Vidar botnet C2 (confidence level: 100%) |
| https://achandograca.com/7f4d.js | KongTuke payload delivery URL (confidence level: 100%) |
| https://achandograca.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
| https://gamepinxjzr.com/data.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://gamepinxjzr.com/data.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| https://gamepinxjzr.com/test.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://gamepinxjzr.com/configpack.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| https://gamepinxjzr.com/helpu.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://gamepinxjzr.com/server.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://bst.jhotpot.com.bd/ | Vidar botnet C2 (confidence level: 100%) |
| https://bst.cricket-matters.com/ | Vidar botnet C2 (confidence level: 100%) |
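As rendered on this page, each ThreatFox ip:port indicator has been split into a row of the IP table and a row of the port table, with a type label fused onto every value, so the lists cannot be loaded into a blocklist or a SIEM as they stand. The script below is an added example written for this page, not code from ThreatFox, abuse.ch or the page author. It parses rows in the page's own extraction format (type label plus value, pipe-separated description, confidence level in parentheses), re-joins IPs and ports by position while checking that malware family and confidence agree on both halves, filters on the feed's confidence level, and matches the rebuilt ip:port indicators against connection-log lines. The IOC rows embedded in it are copied from this page; the log format (`<timestamp> <action> <src> -> <dst> <proto>`), the log lines, the `Indicator` class and all function names are the example's own assumptions.

```python
"""Re-join ThreatFox ip:port IOCs that this page rendered as separate IP and
"hash" (really port) tables, then match them against connection-log lines.
Added example for this page; not code from ThreatFox, abuse.ch or the author.
IOC rows are copied from the page; the log format and log lines are constructed."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Page extraction format: type label ("file", "hash", "url") fused onto the value,
# then a pipe-separated description ending in "(confidence level: N%)".
ROW_RE = re.compile(
    r"^(?P<kind>file|hash|url)(?P<value>\S+)\s*\|\s*(?P<desc>.*?)\s*"
    r"\(confidence level:\s*(?P<conf>\d{1,3})%\)\s*\|"
)
FAMILY_RE = re.compile(r"^(?P<family>.+?) (botnet C2( server)?|payload delivery URL)$")
# Destination "ip:port" in the constructed log format "<ts> <action> <src> -> <dst> <proto>"
DST_RE = re.compile(r"-> (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")

IP_ROWS = """\
file107.175.206.36 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file89.106.65.100 | Aisuru botnet C2 server (confidence level: 100%) | |
file94.154.32.18 | XWorm botnet C2 server (confidence level: 100%) | |
file89.106.65.100 | Aisuru botnet C2 server (confidence level: 100%) | |
"""
PORT_ROWS = """\
hash8866 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9034 | Aisuru botnet C2 server (confidence level: 100%) | |
hash8383 | XWorm botnet C2 server (confidence level: 100%) | |
hash8080 | Aisuru botnet C2 server (confidence level: 100%) | |
"""
URL_ROWS = """\
urlhttp://107.175.206.36:8866/1ewp | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://pastebin.com/raw/rq7ymk0w | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://achandograca.com/7f4d.js | KongTuke payload delivery URL (confidence level: 100%) | |
"""
LOG_LINES = """\
2026-03-02T10:14:03Z allow 10.0.0.7:51022 -> 107.175.206.36:8866 tcp
2026-03-02T10:14:09Z allow 10.0.0.7:51023 -> 107.175.206.36:443 tcp
2026-03-02T10:15:41Z allow 10.0.0.12:49211 -> 89.106.65.100:8080 tcp
2026-03-02T10:16:02Z allow 10.0.0.12:49212 -> 8.8.8.8:53 udp
"""


@dataclass(frozen=True)
class Indicator:
    kind: str        # "ip:port" or "url"
    value: str
    family: str      # malware family from the description, e.g. "Cobalt Strike"
    confidence: int  # ThreatFox confidence level, 0-100


def parse_rows(text: str, kind: str) -> list[tuple[str, str, int]]:
    """Return (value, description, confidence) per row; reject rows of another kind."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        m = ROW_RE.match(line.strip())
        if not m or m["kind"] != kind:
            raise ValueError(f"unexpected {kind} row: {line!r}")
        out.append((m["value"], m["desc"], int(m["conf"])))
    return out


def family_of(desc: str) -> str:
    m = FAMILY_RE.match(desc)
    return m["family"] if m else desc


def pair_ip_port(ip_rows: str, port_rows: str) -> list[Indicator]:
    """Re-join the split tables by position; both halves must agree row for row."""
    ips, ports = parse_rows(ip_rows, "file"), parse_rows(port_rows, "hash")
    if len(ips) != len(ports):
        raise ValueError(f"{len(ips)} IP rows vs {len(ports)} port rows: alignment lost")
    out = []
    for (ip, idesc, iconf), (port, pdesc, pconf) in zip(ips, ports):
        if (idesc, iconf) != (pdesc, pconf):  # same family and confidence on both halves
            raise ValueError(f"row mismatch: {ip} {idesc!r} vs {port} {pdesc!r}")
        ip_address(ip)                        # raises on a malformed address
        if not 0 < int(port) < 65536:
            raise ValueError(f"bad port {port!r} for {ip}")
        out.append(Indicator("ip:port", f"{ip}:{int(port)}", family_of(idesc), iconf))
    return out


def parse_urls(url_rows: str) -> list[Indicator]:
    return [Indicator("url", v, family_of(d), c) for v, d, c in parse_rows(url_rows, "url")]


def select(indicators: list[Indicator], min_confidence: int) -> list[Indicator]:
    """Keep indicators at or above the confidence a team is willing to act on."""
    return [i for i in indicators if i.confidence >= min_confidence]


def match_logs(indicators: list[Indicator], log_text: str) -> list[tuple[int, str, str]]:
    """Exact ip:port hits in the log -> (line number, destination, family)."""
    lookup = {i.value: i.family for i in indicators if i.kind == "ip:port"}
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = DST_RE.search(line)
        if m and (dst := f"{m['ip']}:{int(m['port'])}") in lookup:
            hits.append((n, dst, lookup[dst]))
    return hits


if __name__ == "__main__":
    c2 = pair_ip_port(IP_ROWS, PORT_ROWS)
    print(match_logs(c2, LOG_LINES))
    print([u.value for u in select(parse_urls(URL_ROWS), 75)])
```

The second sample log line, a connection to 107.175.206.36 on port 443, is deliberately not reported: ThreatFox lists that Cobalt Strike C2 on port 8866, and exact ip:port matching is what keeps false positives low on shared or rotating hosting. A team that would rather block the address outright can key the lookup on the IP alone and accept the collateral. The confidence filter matters for the URL rows in particular: entries such as the pastebin.com, telegram.me and steamcommunity.com URLs above point at legitimate services, so act on the full URL, never on the domain, and treat the 50% entries as hunting leads rather than block candidates.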
Threat ID: 69a62892d1a09e29cb62b7a5
Added to database: 3/3/2026, 12:17:22 AM
Last enriched: 3/3/2026, 12:17:36 AM
Last updated: 3/3/2026, 4:34:39 AM