ThreatFox IOCs for 2026-03-26
AI Analysis
Technical Summary
This entry from the ThreatFox MISP feed dated March 26, 2026, provides Indicators of Compromise (IOCs) related to malware activities, specifically categorized under OSINT (Open Source Intelligence), network activity, and payload delivery. The data does not specify any affected software versions or products, indicating it is a general intelligence update rather than a vulnerability or exploit targeting a particular system. The absence of patches and known exploits in the wild suggests that this is an informational feed designed to enhance situational awareness for cybersecurity teams. The threat level is low to medium, with a threatLevel score of 2 and analysis score of 1, while distribution is rated 3, implying moderate dissemination of these IOCs. The lack of detailed technical indicators or payload specifics limits the ability to assess precise attack vectors or methodologies. This feed is intended to support threat hunting, network monitoring, and incident response by providing timely intelligence on emerging or ongoing malware-related activities. It is a proactive measure to help organizations detect potential malicious network behaviors and payload deliveries before they escalate into active compromises.
Potential Impact
The potential impact of this threat intelligence feed is primarily in enhancing detection capabilities rather than indicating an immediate risk of compromise. Organizations worldwide can leverage these IOCs to improve their network monitoring and threat hunting processes, potentially identifying malicious activities earlier. Since there are no known exploits or affected products, the direct risk to confidentiality, integrity, or availability is low at this time. However, failure to incorporate such intelligence could delay detection of emerging threats, increasing the risk of successful payload delivery and subsequent malware infections. The impact is thus indirect but important for maintaining a proactive security posture. Organizations that do not utilize threat intelligence feeds may face higher risks from undetected malware activities. The medium severity reflects the value of this intelligence in preventing future incidents rather than responding to an active exploit.
Mitigation Recommendations
To effectively utilize this threat intelligence, organizations should integrate the ThreatFox IOCs into their existing security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS). Regularly updating threat intelligence feeds and correlating IOC data with network logs can enhance early detection of suspicious network activities and payload delivery attempts. Security teams should conduct proactive threat hunting exercises using these indicators to identify potential compromises. Additionally, maintaining robust endpoint protection, network segmentation, and strict access controls will reduce the risk of malware propagation if payload delivery attempts are detected. Organizations should also ensure that their incident response plans incorporate procedures for analyzing and acting upon OSINT-derived threat intelligence. Training security analysts to interpret and operationalize such intelligence is critical. Since no patches are available, emphasis should be on detection and response capabilities rather than remediation of vulnerabilities.
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, Japan, South Korea, Netherlands, Sweden
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: b5f3b77d-da0c-46b2-a086-10289e6d87e5
- Original Timestamp: 1774569786
file149.28.141.101 | Aisuru botnet C2 server (confidence level: 100%) | |
file45.32.99.68 | Aisuru botnet C2 server (confidence level: 100%) | |
file207.148.70.225 | Aisuru botnet C2 server (confidence level: 100%) | |
file149.28.136.177 | Aisuru botnet C2 server (confidence level: 100%) | |
file193.222.99.231 | NodeRAT payload delivery server (confidence level: 100%) | |
file185.112.59.64 | NodeRAT botnet C2 server (confidence level: 100%) | |
file144.31.158.33 | NodeRAT botnet C2 server (confidence level: 75%) | |
file212.162.148.16 | XWorm botnet C2 server (confidence level: 100%) | |
file185.122.187.55 | NodeRAT payload delivery server (confidence level: 75%) | |
file91.219.238.140 | Venom RAT botnet C2 server (confidence level: 100%) | |
file156.234.226.34 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.48.25.153 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.205.200.50 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.111.233.91 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file81.91.176.224 | SectopRAT botnet C2 server (confidence level: 100%) | |
file198.23.196.205 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.230.225.35 | Havoc botnet C2 server (confidence level: 100%) | |
file171.233.25.200 | Venom RAT botnet C2 server (confidence level: 100%) | |
file194.58.47.89 | Bashlite botnet C2 server (confidence level: 100%) | |
file91.92.128.89 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file18.171.150.28 | Meterpreter botnet C2 server (confidence level: 100%) | |
file202.95.14.133 | Quasar RAT botnet C2 server (confidence level: 75%) | |
file157.245.48.127 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file83.217.209.98 | XWorm botnet C2 server (confidence level: 100%) | |
file8.138.225.145 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file216.224.116.143 | Remcos botnet C2 server (confidence level: 100%) | |
file85.192.27.126 | Sliver botnet C2 server (confidence level: 100%) | |
file8.216.26.169 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.77.66.14 | Hook botnet C2 server (confidence level: 100%) | |
file80.253.251.143 | Chaos botnet C2 server (confidence level: 100%) | |
file36.138.203.171 | MimiKatz botnet C2 server (confidence level: 100%) | |
file143.198.52.66 | NjRAT botnet C2 server (confidence level: 100%) | |
file91.92.240.127 | XWorm botnet C2 server (confidence level: 75%) | |
file91.92.242.249 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file47.119.122.113 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 9035 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8443 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 5555 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| b2204e8635b84670d8f18932db005dece6c5846e5cb012cf40888727bbe678c8 | Cobalt Strike payload (confidence level: 50%) | |
| 737a630bff6234403fe00d74991338a2f730632766cd29477f0d4ad763c22efd | Cobalt Strike payload (confidence level: 50%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8080 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 32895 | Remcos botnet C2 server (confidence level: 100%) | |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 443 | Hook botnet C2 server (confidence level: 100%) | |
| 1337 | Empire Downloader botnet C2 server (confidence level: 100%) | |
| 443 | XpertRAT payload delivery server (confidence level: 50%) | |
| 60061 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 443 | Remcos botnet C2 server (confidence level: 100%) | |
| 2404 | Remcos botnet C2 server (confidence level: 100%) | |
| 5060 | Remcos botnet C2 server (confidence level: 100%) | |
| 80 | Remcos botnet C2 server (confidence level: 100%) | |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 18954 | Unknown RAT botnet C2 server (confidence level: 100%) | |
| 32251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 6606 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
| 7707 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
| 8808 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 10213 | Unknown malware botnet C2 server (confidence level: 75%) | |
| 427 | Tofsee botnet C2 server (confidence level: 75%) | |
| 427 | Tofsee botnet C2 server (confidence level: 75%) | |
| 427 | Tofsee botnet C2 server (confidence level: 75%) | |
| 427 | Tofsee botnet C2 server (confidence level: 75%) | |
| 427 | Tofsee botnet C2 server (confidence level: 75%) | |
| 427 | Tofsee botnet C2 server (confidence level: 75%) | |
| 427 | Tofsee botnet C2 server (confidence level: 75%) | |
| 443 | ACR Stealer botnet C2 server (confidence level: 75%) | |
| 48463 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 48463 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 443 | Remcos botnet C2 server (confidence level: 100%) | |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
| 8443 | Chaos botnet C2 server (confidence level: 100%) | |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 1999 | Mirai botnet C2 server (confidence level: 80%) | |
| 8040 | Unknown RAT botnet C2 server (confidence level: 75%) | |
| 8041 | Unknown RAT botnet C2 server (confidence level: 75%) | |
| 1995 | XWorm botnet C2 server (confidence level: 75%) | |
| 7070 | ValleyRAT botnet C2 server (confidence level: 75%) | |
| 8443 | Aisuru botnet C2 server (confidence level: 100%) | |
| 5021 | Unknown malware botnet C2 server (confidence level: 75%) | |
| 6062 | Unknown malware botnet C2 server (confidence level: 75%) | |
| 443 | ACR Stealer botnet C2 server (confidence level: 75%) | |
| 7004 | XWorm botnet C2 server (confidence level: 75%) | |
| 7000 | XWorm botnet C2 server (confidence level: 75%) | |
| 443 | Vidar botnet C2 server (confidence level: 100%) | |
| 443 | Vidar botnet C2 server (confidence level: 100%) | |
| 443 | Vidar botnet C2 server (confidence level: 100%) | |
| 443 | Vidar botnet C2 server (confidence level: 100%) | |
| 80 | GCleaner botnet C2 server (confidence level: 100%) | |
| 50030 | Remcos botnet C2 server (confidence level: 100%) | |
| 50033 | Remcos botnet C2 server (confidence level: 100%) | |
| 1420 | Mirai botnet C2 server (confidence level: 80%) | |
| 8443 | Sliver botnet C2 server (confidence level: 100%) | |
| 8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 443 | Havoc botnet C2 server (confidence level: 100%) | |
| 80 | Havoc botnet C2 server (confidence level: 100%) | |
| 9999 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 7777 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 4444 | Meterpreter botnet C2 server (confidence level: 100%) | |
| da55783ca9c4098e5ea47e33507bd38ae9851b6617b574d1fa294a6205cb143e | Cobalt Strike payload (confidence level: 50%) | |
| a78b29252a7954b588392b952b970da7ddb760cec7320ac4e8a50f79a8cf8f9b | Cobalt Strike payload (confidence level: 50%) | |
| 978a54a42629e0d19ef41bd5db7e560d618e1fdcc8e77c14694642840dfad8a2 | Cobalt Strike payload (confidence level: 50%) | |
| 8443 | Aisuru botnet C2 server (confidence level: 100%) | |
| 4787 | GlassWorm botnet C2 server (confidence level: 100%) | |
| 9034 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8443 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8443 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 34567 | Aisuru botnet C2 server (confidence level: 100%) | |
| 9034 | Aisuru botnet C2 server (confidence level: 100%) | |
| 8001 | Aisuru botnet C2 server (confidence level: 100%) | |
| 80 | NodeRAT payload delivery server (confidence level: 100%) | |
| 8443 | NodeRAT botnet C2 server (confidence level: 100%) | |
| 443 | NodeRAT botnet C2 server (confidence level: 75%) | |
| 84802194859b530dcb8e374b7970912f6a27ff5e97f2bec509e59b2dffcc6146 | NodeRAT payload (confidence level: 100%) | |
| 4040 | XWorm botnet C2 server (confidence level: 100%) | |
| 80 | NodeRAT payload delivery server (confidence level: 75%) | |
| 7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 8f0cc4291878220e680bf0b6891f70ede20f49e5d5164d1db0765da71c658ae3 | Venom RAT payload (confidence level: 100%) | |
| 54123 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 9200 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 5000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
| 7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 80 | Havoc botnet C2 server (confidence level: 100%) | |
| 5000 | Venom RAT botnet C2 server (confidence level: 100%) | |
| 1337 | Bashlite botnet C2 server (confidence level: 100%) | |
| 6001 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
| 5986 | Meterpreter botnet C2 server (confidence level: 100%) | |
| 8899 | Quasar RAT botnet C2 server (confidence level: 75%) | |
| 443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
| 1111 | XWorm botnet C2 server (confidence level: 100%) | |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
| 28396 | Remcos botnet C2 server (confidence level: 100%) | |
| 8080 | Sliver botnet C2 server (confidence level: 100%) | |
| 8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
| 8082 | Hook botnet C2 server (confidence level: 100%) | |
| 8080 | Chaos botnet C2 server (confidence level: 100%) | |
| 8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
| 1177 | NjRAT botnet C2 server (confidence level: 100%) | |
| 6000 | XWorm botnet C2 server (confidence level: 75%) | |
| 7377 | AsyncRAT botnet C2 server (confidence level: 75%) | |
| 443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
Domain
| Value | Description | Copy |
|---|---|---|
| events.wealth-london.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
| bulletproofdomai2n.com | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
| moondev.digital | ClearFake payload delivery domain (confidence level: 100%) | |
| ces.yeyr.lol | Hook botnet C2 domain (confidence level: 100%) | |
| triage-test.evilpony.win | Havoc botnet C2 domain (confidence level: 100%) | |
| svc4static.blueoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext1meta.darkbay.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext2proc.darkbay.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext3gate.darkbay.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext4sync.darkbay.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl1store.greenpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl2remote.greenpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl3dev.greenpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl4link.greenpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| dev1proc.northoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| dev2power.northoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| dev3local.northoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| dev4work.northoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc1infra.westpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc2base.westpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc3user.westpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc4link.westpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext1proc.deepoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext2core.deepoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext3ghost.deepoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext4view.deepoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl1proc.sunnode.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl2point.sunnode.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl3view.sunnode.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cl4path.sunnode.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| dev1proc.oakcore.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| dev2outer.oakcore.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| mever.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
| bj88games.global | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| borntolease.com | XpertRAT botnet C2 domain (confidence level: 50%) | |
| dev3field.oakcore.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| dev4space.oakcore.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc1proc.redbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc2steel.redbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc3core.redbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| svc4sat.redbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext1infra.blugrid.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext2proxy.blugrid.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext3data.blugrid.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ext4point.blugrid.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| flamemarket.blueoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| w8nzz58.blueoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| neuron-graph.darkbay.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| pubserv.darkbay.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| vaul5-vault.greenpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 58edm.greenpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| tritideor3.northoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| quorcresta.northoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| trans5-ring.westpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ic3-frame.westpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| railvalidator.deepoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cav33-phase.deepoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| crypt0-vector.sunnode.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| storapowe.sunnode.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| rain-wave.oakcore.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| d34l5-well.oakcore.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| xun7.redbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| red.redirectme.net | Revenge RAT botnet C2 domain (confidence level: 100%) | |
| woonort.redbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 5par-stream.blugrid.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| directdrive.blugrid.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 0rrpdvc.blueoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| freightvalley.darkbay.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| suddencul.greenpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| akl1.northoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| newlinkforconnect.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
| 18.tcp.cpolar.top | XWorm botnet C2 domain (confidence level: 100%) | |
| vdyrne1g.westpit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| velg.deepoak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| sercresta3.sunnode.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| fxassistant.4nmn.com | Remcos botnet C2 domain (confidence level: 75%) | |
| zen-fluxex.oakcore.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| l0ad-mark.redbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| tr1g-cache.blugrid.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| airplanemove.info | Unknown Loader botnet C2 domain (confidence level: 100%) | |
| wingevent.info | Unknown Loader botnet C2 domain (confidence level: 100%) | |
| pixe-forge.thorncoil.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cree-crest.thorncoil.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| d3fen-line.thorncoil.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 4mp-loop.thorncoil.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| vaultdispatch.thorncoil.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| hcsrx.driftmuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| merlithar9.driftmuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| u900wa.driftmuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cachesensor.driftmuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| kkji.driftmuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| convoymassive.skyl0dge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| depdea.amber-drift.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| narr9-vector.aurorift.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ampsyst.brisklume.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| isf.syslicense.net | Vidar botnet C2 domain (confidence level: 100%) | |
| isf.ssffaa4.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
| glacier3-signal.cinderpeak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| pten.cl0udmere.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| daemon6-logic.crestfall.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| c0rte8-flow.dawnspire.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| nfqbq5.f0xharbor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| looseoak.fablegrove.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 4jv9.gl1mmeroak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| clie-zone.n1ghtridge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| s75g160.stonemuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| buildwar.thornbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| peta-cre.tires8f.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| mermarkal5.velorune.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| smaton.z7hire.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| crystal-bridge.amber-drift.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| mer-spireis.amber-drift.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| lecture.kotoha.or.jp | StrelaStealer payload delivery domain (confidence level: 100%) | |
| quanpuls.aurorift.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| k4tpzok.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| erinagastro.ch | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| sportsimportance.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| journal-world.za.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| magento.cn.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| tcp4.tunnel4.com | XWorm botnet C2 domain (confidence level: 100%) | |
| 0sta343.aurorift.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| scantermin.brisklume.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| runw-maj.brisklume.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| rnolecu0-drive.cinderpeak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 27tjfer7.cinderpeak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| proxyspe.cl0udmere.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| tricorear4.cl0udmere.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| plain-ivo.crestfall.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| zen-valeet.crestfall.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| meta-5udde.dawnspire.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ultra-5un.dawnspire.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ultrbird.f0xharbor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| solidmount.f0xharbor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| xr71purq.fablegrove.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| move-friendly-international-observed.trycloudflare.com | Cobalt Strike payload delivery domain (confidence level: 50%) | |
| stocforg.fablegrove.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| shelldecode.gl1mmeroak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| orchestheo.gl1mmeroak.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| vel-tideal.n1ghtridge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| p0lar-mark.n1ghtridge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| irgss.stonemuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cedargri.stonemuse.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| fj0r-stream.thornbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| fuddj2yd.thornbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| sign-live.tires8f.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 6u0py.tires8f.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| sket-stack.velorune.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| torship.velorune.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| r1ch-node.z7hire.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| velcrest4is.z7hire.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| eastretainer.ra8gera.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 5hff.ra8gera.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| tal-markal.ra8gera.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| lxc.syslicense.net | Vidar botnet C2 domain (confidence level: 100%) | |
| lxc.ssffaa4.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
| pr1.skfilmsint.com | Vidar botnet C2 domain (confidence level: 100%) | |
| pr2.skfilmsint.com | Vidar botnet C2 domain (confidence level: 100%) | |
| nimb3-reach.ra8gera.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| plas2-graph.ra8gera.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| gralino.top | SmartApeSG payload delivery domain (confidence level: 100%) | |
| tricrest7ar.x7lora.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| unload6-gate.x7lora.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| bridgecampa.x7lora.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| royalgla.x7lora.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| mnsm.us.com | NodeRAT payload delivery domain (confidence level: 100%) | |
| appistartes.com | NodeRAT botnet C2 domain (confidence level: 100%) | |
| solidactivate.com | NodeRAT botnet C2 domain (confidence level: 75%) | |
| otter-aut.x7lora.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ffzt1.fabledock.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ewdgyl.fabledock.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| sdjteamsmd.casa | Unknown malware payload delivery domain (confidence level: 100%) | |
| 5sxuqx.fabledock.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| profuture.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| 2025bj.it.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| hunewsbaytara4.ru.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| j880.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| u8886.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| ukrtelecom.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
| kernmetri.fabledock.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| cyrexmods.st | Unknown malware payload delivery domain (confidence level: 100%) | |
| cyrexmods.icu | Unknown malware payload delivery domain (confidence level: 100%) | |
| aetherixcore.cc | Unknown malware payload delivery domain (confidence level: 100%) | |
| rendfie.fabledock.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 55wmwoni.bramblepath.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| vexnali.com | SmartApeSG payload delivery domain (confidence level: 100%) | |
| inkchec.bramblepath.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| freegaten.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| freegaten.info | NodeRAT payload delivery domain (confidence level: 75%) | |
| solidclouaps.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| sendertokencf.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| sendtokenscf.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| selerscope.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| inversivaldcf.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| vrfideyoidnty.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| cfintegrity.com | NodeRAT payload delivery domain (confidence level: 75%) | |
| mertide3on.bramblepath.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| v3ct4-loop.bramblepath.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| river-fle.bramblepath.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 0islm.foxglade.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| ekdt78.foxglade.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| uppxbwm.foxglade.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| op3n-bridge.foxglade.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| 5p4r2-forge.foxglade.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| demandnod.cl0verbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
| fjordhard.cl0verbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwhreceiverrrrrrrrr.ru | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainremotev2.whreceiverrrrrrrrr.ru | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaintar973lz.cl0verbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaingeo-4mp.cl0verbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaingu4r2-field.cl0verbyte.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc1sync.frozenleafnetwork.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc2data.frozenleafnetwork.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc3edge.frozenleafnetwork.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlesmaillesdutemps.be | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainsvc4static.frozenleafnetwork.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext1meta.goldenridgesystem.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext2proc.goldenridgesystem.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext3gate.goldenridgesystem.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainletaur1.ru | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainext4sync.goldenridgesystem.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainletrerosbiobio.cl | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaincl1store.silverstreambuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl2remote.silverstreambuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl3dev.silverstreambuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl4link.silverstreambuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwhizz.us.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmaestroload.it.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrmkyde.za.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainuiptoq.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainok8386.marketing | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainok8386.gb.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainthedailylove.gb.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrummymars.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainbenfoster.it.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainredcubeclient.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrkvfg.za.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainfbf.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmcjw.cn.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainklinker-stone.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainfarzan.co.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainzowin88.it.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainzowinj.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindev1proc.blackpeakstorage.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbuilding-blocks.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainxn--eckybaxbw6bypoc.jpn.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrescuereliefcica.eu.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmoviehub.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainnui.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainreprint-stories.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainamelialondon.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainplissachlab.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainhki.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpdat.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpbxvvz.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainglobosnwiy.ru.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaingue.us.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaintwp.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainhawaii.jp.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.mydevportfolio.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainaga.br.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmargas.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpun.syslicense.net | Vidar botnet C2 domain (confidence level: 100%) | |
domainpun.ssffaa4.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainwuu.zoomqwer.com | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domaindev2power.blackpeakstorage.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev3local.blackpeakstorage.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev4work.blackpeakstorage.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc1infra.whitetideinterface.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc2base.whitetideinterface.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc3user.whitetideinterface.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc4link.whitetideinterface.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext1proc.coldstonemetrics.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext2core.coldstonemetrics.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincooempresasltda104.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainext3ghost.coldstonemetrics.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext4view.coldstonemetrics.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl1proc.wildbranchcluster.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl2point.wildbranchcluster.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl3view.wildbranchcluster.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl4path.wildbranchcluster.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev1proc.ironrootprocessor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev2outer.ironrootprocessor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev3field.ironrootprocessor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlibrary.germanyphilatelicsocietyusa.org | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaindev4space.ironrootprocessor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc1proc.darkcloudgateway.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.rw5c0wt9.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.pxtlh9o3.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.u2jlxcn8.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainwww.l3foqnjx.shop | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainsvc2steel.darkcloudgateway.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlibrary.scriptclips.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainsvc3core.darkcloudgateway.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc4sat.darkcloudgateway.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext1infra.bluepointterminal.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext2proxy.bluepointterminal.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlichtermanlaw.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainext3data.bluepointterminal.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext4point.bluepointterminal.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc1sync.donkeyemploy.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc2data.donkeyemploy.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc3edge.donkeyemploy.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc4static.donkeyemploy.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext1meta.angularsilic.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext2proc.angularsilic.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlifegoesonblog.nl | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlifeisanexcursion.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaincl1store.cruciferdiesel.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl2remote.cruciferdiesel.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlifeonadot.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaincl3dev.cruciferdiesel.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlifestylemenu.net | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaincl4link.cruciferdiesel.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev1proc.investonerous.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev2power.investonerous.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev3local.investonerous.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev4work.investonerous.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlighthouse.sellquicksellnow.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainsvc1infra.secretgeneral.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc2base.secretgeneral.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc3user.secretgeneral.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsvc4link.secretgeneral.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainremcoctubre2024.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainbuike0147.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainsub.noforabusers2.xyz | Remcos botnet C2 domain (confidence level: 100%) | |
domainfastroute633.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainext1proc.usurylocomotive.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlilicleaningservicellc.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainlilintaatelier.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domainext2core.usurylocomotive.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext3ghost.usurylocomotive.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainext4view.usurylocomotive.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincl1proc.diversityvent.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlimasan.web.id | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaincl2point.diversityvent.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlimogeswindows.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaincl3view.diversityvent.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlimousinecasablanca.sovoycars.com | StrelaStealer payload delivery domain (confidence level: 100%) | |
domaincl4path.diversityvent.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev1proc.patronageshelk.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev2outer.patronageshelk.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindev3field.patronageshelk.in.net | ClearFake payload delivery domain (confidence level: 100%) |
Url
Threat ID: 69c5cbec3c064ed76fe7358e
Added to database: 3/27/2026, 12:14:36 AM
Last enriched: 3/27/2026, 12:15:36 AM
Last updated: 3/27/2026, 5:25:29 AM
Views: 12