ThreatFox IOCs for 2026-03-31
AI Analysis
Technical Summary
This entry from the ThreatFox MISP feed dated March 31, 2026, provides a set of Indicators of Compromise (IOCs) related to malware activities primarily involving OSINT (Open Source Intelligence), payload delivery, and network activity. The data lacks detailed technical specifics such as affected software versions, exploit mechanisms, or payload descriptions. No patches or fixes are available, and there are no known exploits actively used in the wild. The threat level is assessed as medium, reflecting a moderate concern based on the nature of the indicators and their potential use in reconnaissance or initial payload delivery stages. The absence of concrete indicators or affected versions suggests this is a general intelligence update rather than a report on a newly discovered vulnerability or active attack. The classification tags and categories indicate this intelligence is intended to support detection and analysis efforts by security teams, helping them identify suspicious network behaviors or malware payloads. The technical details provided are minimal and do not specify attack vectors or exploitation techniques. Consequently, this intelligence should be integrated into existing security monitoring frameworks to enhance situational awareness and early detection capabilities.
Potential Impact
Given the lack of specific affected software or active exploitation, the direct impact on organizations is limited at this time. However, the presence of IOCs related to payload delivery and network activity suggests potential reconnaissance or preparatory stages of malware campaigns. If leveraged by threat actors, these indicators could facilitate initial compromise, lateral movement, or data exfiltration in targeted environments. Organizations worldwide that rely on OSINT for threat detection or those with insufficient network monitoring might miss early signs of intrusion attempts. The medium severity reflects a moderate risk that, if unaddressed, could lead to more severe consequences in the future. The absence of patches or fixes indicates that mitigation relies heavily on detection and response capabilities rather than vulnerability remediation. Overall, the impact is primarily on the ability to detect and respond to emerging threats rather than immediate compromise or system damage.
Mitigation Recommendations
Organizations should integrate the provided IOCs into their security information and event management (SIEM) systems and endpoint detection and response (EDR) tools to enhance detection of suspicious payload delivery and network activities. Regularly updating threat intelligence feeds and correlating them with internal logs can improve early warning capabilities. Network segmentation and strict egress filtering can limit the impact of potential payload delivery attempts. Employ behavioral analytics to identify anomalous network traffic patterns that may indicate reconnaissance or malware activity. Conduct regular threat hunting exercises using the latest OSINT indicators to proactively identify potential compromises. Since no patches are available, focus on strengthening incident response readiness and user awareness training to recognize phishing or social engineering attempts that could deliver malware payloads. Collaborate with threat intelligence sharing communities to stay informed about evolving indicators and tactics. Finally, ensure robust backup and recovery processes are in place to mitigate potential damage from successful payload execution.
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, Japan, South Korea, India, Brazil
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 02bf2f01-206e-4f64-aa0d-4cebc547d4c5
- Original Timestamp: 1775001787
domainforce-field.molecularbonding.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainheat-sensor.isothermalmetric.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainconstant-io.isothermalmetric.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincold-bridge.isothermalmetric.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintemp-archive.isothermalmetric.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainthermal-sync.isothermalmetric.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainrange-finder.isothermalmetric.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainresin-store.syntheticpolymer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainfiber-optic.syntheticpolymer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainplastic-dev.syntheticpolymer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainmold-engine.syntheticpolymer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainelastic-net.syntheticpolymer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainblend-master.syntheticpolymer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainfluid-path.viscositycontrol.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainthick-layer.viscositycontrol.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainflow-regulator.viscositycontrol.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainfriction-log.viscositycontrol.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindensity-svc.viscositycontrol.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpump-gate.viscositycontrol.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbrick-layer.refractorymatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainkilladaayyuzdshwskrnsvh5owzuwa4yj7gs2vbhkcjpfslrplfgwwqd.onion | Unknown malware botnet C2 domain (confidence level: 75%) | |
domainkilladaxczzw3wnuaxkygib67lk2qkgnki4gyjqoo76vh53egitoyaqd.onion | Unknown malware botnet C2 domain (confidence level: 75%) | |
domainkilladax36r6bbb3md67ekcfv5yasdlnoaklyag66ot4tefa32ywgnyd.onion | Unknown malware botnet C2 domain (confidence level: 75%) | |
domainkilladahaynpqrkppe2m2tgindbruaeiefzr7pm3cp47tzohhhnogwad.onion | Unknown malware botnet C2 domain (confidence level: 75%) | |
domainkillada7qgdpvzpezjxaa64b47bz47hzbn6oql5aa4lppzzwymnukqqd.onion | Unknown malware botnet C2 domain (confidence level: 75%) | |
domainkillada5556ahpb4cwmatv5qpzku2qmdlwawshtykpq37cvfva7zjhid.onion | Unknown malware botnet C2 domain (confidence level: 75%) | |
domainkiln-control.refractorymatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainrmcnewlistening.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainteebro1800.dynamic-dns.net | Remcos botnet C2 domain (confidence level: 100%) | |
domain789fff.onl | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainalo789xanh.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainatlantic.za.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainceeuxg.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindlf.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainsaatva.us.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrophimz.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainjvuqdwzk.aamothership.com | XWorm botnet C2 domain (confidence level: 100%) | |
domain9vun520l.aamothership.com | XWorm botnet C2 domain (confidence level: 100%) | |
domainhigh-heat.refractorymatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainshield-base.refractorymatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainshiptank.cfd | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domaintexturebadge.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainsolid-state.refractorymatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainfire-wall.refractorymatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbase-level.alkalineelement.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainph-monitor.alkalineelement.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsalt-buffer.alkalineelement.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainl3cdnns.beer | Unknown malware payload delivery domain (confidence level: 100%) | |
domaincaustic-api.alkalineelement.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainexdanteam.beer | Unknown malware payload delivery domain (confidence level: 100%) | |
domainreactive-hub.alkalineelement.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainmachineryde.duckdns.org | XWorm botnet C2 domain (confidence level: 75%) | |
domainmetal-trace.alkalineelement.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlosfiros.com | IClickFix payload delivery domain (confidence level: 100%) | |
domainhalf-life.isotopecleaner.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrace-element.isotopecleaner.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvesifolf.com | IClickFix payload delivery domain (confidence level: 100%) | |
domaindecay-check.isotopecleaner.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainqyttqxsdf.cn | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domainradiant-log.isotopecleaner.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainalpha-gate.isotopecleaner.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbeam-portal.isotopecleaner.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindeep-freeze.cryogenicbuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainoswork.duckdns.org | Remcos botnet C2 domain (confidence level: 75%) | |
domainhughraccoon.run | Unknown malware payload delivery domain (confidence level: 100%) | |
domainthe7wanderers.sbs | Unknown malware payload delivery domain (confidence level: 100%) | |
domainnitro-vault.cryogenicbuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainjup.ag-rewards.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsahara.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domainzebec-io.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domaindapang.sbs | Unknown malware payload delivery domain (confidence level: 100%) | |
domainoneofmillion.life | Unknown malware payload delivery domain (confidence level: 100%) | |
domainzero-point.cryogenicbuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainparadex.life | Unknown malware payload delivery domain (confidence level: 100%) | |
domainzebec-io.network | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsuperapp.zebec-io.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domainfrost-node.cryogenicbuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainchilled-link.cryogenicbuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaingas-storage.cryogenicbuffer.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlucialabs.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domainmomochanonsol.lol | Unknown malware payload delivery domain (confidence level: 100%) | |
domainalloy-forge.metallurgiclink.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecgov.lol | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsteel-core.metallurgiclink.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainnatocowards.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domainzebecio.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domainugor.world | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsmelt-logic.metallurgiclink.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainrealbet.lat | Unknown malware payload delivery domain (confidence level: 100%) | |
domainblast-svc.metallurgiclink.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincast-iron.metallurgiclink.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincch-travel.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainmine-trace.metallurgiclink.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpaui.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainl4b-mesh.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainhardexte.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindyn-valeal.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainoasitre.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvorforgeet.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindecode-frame.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbasaltextend.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainprotectsup.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaingr0v-hold.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintaldrais3.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainm0on-flow.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainshopcoc.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaincrawlerstor.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvn06.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domain5ucnd.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainverify-invoi.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwaveque.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincarg-man.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaind3nse-gate.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainf4br2-scope.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsterilelan.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domain11szohw.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincqnvpcp.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainahus.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainxehramf.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsummitgeyser.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincanyonfresh.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbtkrpap.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainclusterclinic.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaing38198.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainalt-h0llow.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainepkzg.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainfog.cargomanbd.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainfog.elythia.ru | Vidar botnet C2 domain (confidence level: 100%) | |
domainage.cargomanbd.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainage.elythia.ru | Vidar botnet C2 domain (confidence level: 100%) | |
domainimagedis.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpu1s-trail.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainxartelvu.top | SmartApeSG payload delivery domain (confidence level: 100%) | |
domainmarkpeak.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainmeta-cu1tur.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainb4nn-mount.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvxfxox7r.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintargettest.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainveobw.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintokcheck.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainzennex8ar.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlumnexum1.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainzenvaleex.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincsbtxwz.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domain4csbzg.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainledge5-switch.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpy28ionr.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainc0nvoy5-field.codcomparable.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsp0o-forge.codcomparable.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintheor-spool.codcomparable.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainj30k.codcomparable.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaingentle5-crest.codcomparable.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainplantrav.codcomparable.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlongislandpremium.4nmn.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainconverso.it.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaineoa.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainudayachal.in.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainscarlet-tra.cuffsorbsky.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainstatic-img.thenycmeeting.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainyfjgi.cuffsorbsky.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbundstar.cuffsorbsky.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainst4b1l-span.cuffsorbsky.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainloosesnow.cuffsorbsky.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainrne4d7-zone.cuffsorbsky.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainhonestsort.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvoicefjo.paleontraglan.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainkvvfusu.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainload-spark.chernomofnothes.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainmer-lithen.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlum-markal.radiatebeef.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvalue9-mesh.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpartnerrelay.beltfloor.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainxxhq.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincata1og-forge.batkascript.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvaulvoc.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainformalpod.premiumtos.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainqz65lmfc.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvgtp5o.manchustill.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindevsig.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvale-gra.prefixwag.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpeak-point.vertexbloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindeminestryuid.info | Unknown malware payload delivery domain (confidence level: 100%) | |
domaingrowth-engine.vertexbloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainrender-farm.vertexbloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainspatial-api.vertexbloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintop-level.vertexbloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpolygon-svc.vertexbloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainstar-build.novaforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainfusion-core.novaforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainheavy-metal.novaforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainblast-zone.novaforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainplasma-node.novaforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsmelt-logic.novaforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbemqorli.top | SmartApeSG payload delivery domain (confidence level: 100%) | |
domainbright-beam.luminflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwave-length.luminflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainuejrhnfq.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 75%) | |
domainoptic-hub.luminflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainphoto-sync.luminflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlight-trace.luminflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainglow-portal.luminflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainplataformadireta.one | VENON botnet C2 domain (confidence level: 100%) | |
domainconectividadeprime.site | VENON botnet C2 domain (confidence level: 100%) | |
domainpath-finder.orbitforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincycle-monitor.orbitforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainround-trip.orbitforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincatoma11.accesscam.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainy57kdsa.duckdns.org | Venom RAT botnet C2 domain (confidence level: 100%) | |
domainvivogrouplink.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domaingo88.inc | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainsagestream.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainsc88882.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainxn--3kqw74a81mpni5rau92aqo3c.jpn.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainedward-fwd-vacuum-changelog.trycloudflare.com | Venom RAT payload delivery domain (confidence level: 100%) | |
domainhanded-mines-abc-intensity.trycloudflare.com | Venom RAT payload delivery domain (confidence level: 100%) | |
domainrover-earlier-baseline-karen.trycloudflare.com | Venom RAT payload delivery domain (confidence level: 100%) | |
domainrepresents-causes-conflicts-silver.trycloudflare.com | Venom RAT payload delivery domain (confidence level: 100%) | |
domainqqxylozz-56474.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainspin-control.orbitforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaingravity-io.orbitforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlaunch-pad.orbitforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsafe-ship.astrahaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindeep-sky.astrahaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincosmic-link.astrahaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvoid-storage.astrahaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpilot-auth.astrahaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainmicro-pulse.quantaflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainatom-split.quantaflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlogic-gate.quantaflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainspeed-test.quantaflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpacket-flow.quantaflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbit-stream.quantaflux.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbrain-scan.neurobloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainthought-api.neurobloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainpulse-logic.neurobloom.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainghost-shell.cyberhaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainthreat-log.cyberhaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincgfuryclaud.shop | Unknown malware payload delivery domain (confidence level: 100%) | |
domainanon-relay.cyberhaven.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindiddyparty.click | Unknown malware payload delivery domain (confidence level: 100%) | |
domainasiaverses.com | IClickFix payload delivery domain (confidence level: 100%) | |
domainhigh-ridge.datacrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainarchive-top.datacrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainzarnoflidfgvv.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainbulk-export.datacrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainiopajkflorta.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domaininfo-summit.datacrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainkrylox.club | Unknown malware payload delivery domain (confidence level: 100%) | |
domainbase-record.datacrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainmeta-stack.datacrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwave-crest.signalcrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainradio-freq.signalcrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintower-sync.signalcrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbroad-cast.signalcrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainaudipoint.cz | Unknown malware payload delivery domain (confidence level: 100%) | |
domainping-gate.signalcrest.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainmicro-scale.nanovector.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainblogs.mex.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainoke.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainvoidbebr-48949.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainatom-trace.nanovector.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainsmall-unit.nanovector.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainparticle-api.nanovector.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainscan-core.nanovector.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaincolor-bit.pixelmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainrender-grid.pixelmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainimage-stack.pixelmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainvideo-buffer.pixelmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaindisplay-svc.pixelmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainraster-node.pixelmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainradio-freq.signalforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwave-form.signalforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbeam-relay.signalforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domaintower-sync.signalforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainping-gate.signalforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbroad-cast.signalforge.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainlogic-gate.infocircuit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainwire-sync.infocircuit.in.net | ClearFake payload delivery domain (confidence level: 100%) | |
domainbus-bridge.infocircuit.in.net | ClearFake payload delivery domain (confidence level: 100%) |
IP address
| Value | Description |
|---|---|
| 193.37.213.18 | Konni botnet C2 server (confidence level: 75%) |
| 185.205.211.217 | Konni botnet C2 server (confidence level: 75%) |
| 45.88.186.163 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 104.131.106.42 | DarkVNC botnet C2 server (confidence level: 75%) |
| 45.61.136.190 | DarkVNC botnet C2 server (confidence level: 75%) |
| 64.95.13.174 | DarkVNC botnet C2 server (confidence level: 75%) |
| 23.27.49.106 | DarkVNC botnet C2 server (confidence level: 75%) |
| 64.52.80.3 | DarkVNC botnet C2 server (confidence level: 75%) |
| 185.237.230.50 | DarkVNC botnet C2 server (confidence level: 75%) |
| 167.62.27.10 | NjRAT botnet C2 server (confidence level: 100%) |
| 193.161.193.99 | RatonRAT botnet C2 server (confidence level: 100%) |
| 130.12.182.175 | Tofsee botnet C2 server (confidence level: 75%) |
| 46.151.182.19 | Tofsee botnet C2 server (confidence level: 75%) |
| 130.12.180.119 | Tofsee botnet C2 server (confidence level: 75%) |
| 31.57.216.27 | Tofsee botnet C2 server (confidence level: 75%) |
| 46.151.182.245 | Tofsee botnet C2 server (confidence level: 75%) |
| 31.57.216.28 | Tofsee botnet C2 server (confidence level: 75%) |
| 204.76.203.165 | Tofsee botnet C2 server (confidence level: 75%) |
| 85.215.131.70 | Bashlite botnet C2 server (confidence level: 100%) |
| 199.68.224.204 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 108.187.43.242 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 158.94.210.91 | Amadey botnet C2 server (confidence level: 50%) |
| 172.96.188.4 | Loda botnet C2 server (confidence level: 100%) |
| 103.118.247.52 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.149.123.161 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 39.100.73.50 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 195.177.94.64 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 42.193.169.176 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.35.131.119 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 151.240.151.158 | IClickFix payload delivery server (confidence level: 100%) |
| 206.82.6.182 | ValleyRAT botnet C2 server (confidence level: 75%) |
| 167.148.195.30 | IClickFix payload delivery server (confidence level: 100%) |
| 43.198.29.200 | ValleyRAT botnet C2 server (confidence level: 75%) |
| 34.116.192.176 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 185.100.157.204 | ACR Stealer botnet C2 server (confidence level: 100%) |
| 38.111.162.120 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 178.16.53.54 | Remcos botnet C2 server (confidence level: 100%) |
| 188.217.191.167 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 194.116.236.247 | XWorm botnet C2 server (confidence level: 100%) |
| 176.65.139.64 | Mirai botnet C2 server (confidence level: 100%) |
| 95.217.125.52 | Vidar botnet C2 server (confidence level: 100%) |
| 216.203.20.183 | Vidar botnet C2 server (confidence level: 100%) |
| 31.57.201.163 | Vidar botnet C2 server (confidence level: 100%) |
| 151.247.22.246 | Vidar botnet C2 server (confidence level: 100%) |
| 35.222.188.75 | Unknown malware botnet C2 server (confidence level: 75%) |
| 146.19.213.175 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 45.134.173.79 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 91.208.197.9 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 63.33.129.31 | Unknown malware botnet C2 server (confidence level: 100%) |
| 194.156.79.140 | XWorm botnet C2 server (confidence level: 100%) |
| 94.103.1.28 | Unknown malware botnet C2 server (confidence level: 75%) |
| 192.238.180.62 | ValleyRAT botnet C2 server (confidence level: 75%) |
| 89.110.72.206 | Unknown malware botnet C2 server (confidence level: 75%) |
| 5.35.36.198 | Unknown malware botnet C2 server (confidence level: 75%) |
| 91.84.97.64 | Unknown malware botnet C2 server (confidence level: 75%) |
file212.34.147.16 | Unknown malware botnet C2 server (confidence level: 75%) | |
file91.84.99.78 | Unknown malware botnet C2 server (confidence level: 75%) | |
file91.84.99.148 | Unknown malware botnet C2 server (confidence level: 75%) | |
file91.84.99.190 | Unknown malware botnet C2 server (confidence level: 75%) | |
file5.35.38.118 | Unknown malware botnet C2 server (confidence level: 75%) | |
file5.35.37.101 | Unknown malware botnet C2 server (confidence level: 75%) | |
file5.35.37.76 | Unknown malware botnet C2 server (confidence level: 75%) | |
file89.110.114.39 | Unknown malware botnet C2 server (confidence level: 75%) | |
file194.164.34.65 | Unknown malware botnet C2 server (confidence level: 75%) | |
file89.110.79.21 | Unknown malware botnet C2 server (confidence level: 75%) | |
file212.34.147.146 | Unknown malware botnet C2 server (confidence level: 75%) | |
file173.212.194.210 | Unknown malware botnet C2 server (confidence level: 75%) | |
file173.212.246.200 | Unknown malware botnet C2 server (confidence level: 75%) | |
file128.199.19.192 | Unknown malware botnet C2 server (confidence level: 75%) | |
file85.217.170.136 | Unknown malware botnet C2 server (confidence level: 75%) | |
file103.138.96.157 | Unknown malware botnet C2 server (confidence level: 75%) | |
file12.202.180.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file194.59.30.128 | Remcos botnet C2 server (confidence level: 100%) | |
file147.185.221.31 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file81.159.116.2 | XWorm botnet C2 server (confidence level: 100%) | |
file103.215.77.17 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file193.24.211.242 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file176.65.144.108 | IClickFix payload delivery server (confidence level: 100%) | |
file143.47.53.106 | RatonRAT botnet C2 server (confidence level: 100%) | |
file69.5.189.12 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file193.233.19.233 | Quasar RAT botnet C2 server (confidence level: 100%) |
Port
Port components of the ip:port C2 indicators. The rendered page split each ip:port IOC into an IP row (table above) and a port row; the port rows carry the same description and confidence as their IP address, in the same order.
| Value | Description |
|---|---|
| 80 | Konni botnet C2 server (confidence level: 75%) |
| 443 | Konni botnet C2 server (confidence level: 75%) |
| 16262 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 4443 | DarkVNC botnet C2 server (confidence level: 75%) |
| 3333 | DarkVNC botnet C2 server (confidence level: 75%) |
| 3333 | DarkVNC botnet C2 server (confidence level: 75%) |
| 3333 | DarkVNC botnet C2 server (confidence level: 75%) |
| 3333 | DarkVNC botnet C2 server (confidence level: 75%) |
| 443 | DarkVNC botnet C2 server (confidence level: 75%) |
| 443 | DarkVNC botnet C2 server (confidence level: 75%) |
| 2005 | NjRAT botnet C2 server (confidence level: 100%) |
| 49831 | RatonRAT botnet C2 server (confidence level: 100%) |
| 418 | Tofsee botnet C2 server (confidence level: 75%) |
| 418 | Tofsee botnet C2 server (confidence level: 75%) |
| 418 | Tofsee botnet C2 server (confidence level: 75%) |
| 418 | Tofsee botnet C2 server (confidence level: 75%) |
| 418 | Tofsee botnet C2 server (confidence level: 75%) |
| 418 | Tofsee botnet C2 server (confidence level: 75%) |
| 418 | Tofsee botnet C2 server (confidence level: 75%) |
| 15367 | Bashlite botnet C2 server (confidence level: 100%) |
| 4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 996 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 997 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 80 | Amadey botnet C2 server (confidence level: 50%) |
| 4000 | Loda botnet C2 server (confidence level: 100%) |
| 8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | IClickFix payload delivery server (confidence level: 100%) |
| 80 | ValleyRAT botnet C2 server (confidence level: 75%) |
| 80 | IClickFix payload delivery server (confidence level: 100%) |
| 8880 | ValleyRAT botnet C2 server (confidence level: 75%) |
| 10001 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 443 | ACR Stealer botnet C2 server (confidence level: 100%) |
| 445 | Xtreme RAT botnet C2 server (confidence level: 100%) |
| 8972 | Remcos botnet C2 server (confidence level: 100%) |
| 4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 1222 | XWorm botnet C2 server (confidence level: 100%) |
| 38241 | Mirai botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 80 | Unknown malware botnet C2 server (confidence level: 75%) |
| 5555 | Unknown malware botnet C2 server (confidence level: 75%) |
| 5000 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 443 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 3389 | Unknown Stealer botnet C2 server (confidence level: 75%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 9019 | XWorm botnet C2 server (confidence level: 100%) |
| 56001 | Unknown malware botnet C2 server (confidence level: 75%) |
| 5050 | ValleyRAT botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8080 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8000 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8000 | Unknown malware botnet C2 server (confidence level: 75%) |
| 8000 | Unknown malware botnet C2 server (confidence level: 75%) |
| 3000 | Unknown malware botnet C2 server (confidence level: 75%) |
| 5002 | Unknown malware botnet C2 server (confidence level: 75%) |
| 6745 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 2021 | Remcos botnet C2 server (confidence level: 100%) |
| 38645 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 7000 | XWorm botnet C2 server (confidence level: 100%) |
| 4499 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 80 | IClickFix payload delivery server (confidence level: 100%) |
| 5895 | RatonRAT botnet C2 server (confidence level: 100%) |
| 5222 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 1177 | Quasar RAT botnet C2 server (confidence level: 100%) |
Hash
SHA-256 and MD5 hashes of payload samples.
| Value | Description |
|---|---|
| cf48286e6a82f62af6637738a0736e4bbc3eaf52620aa4493f49a5f731d251d4 | Konni payload (confidence level: 100%) |
| a91e743f20f236e1d052c42cc40ae9383f88151974782ec400915df3063dec4c | Konni payload (confidence level: 100%) |
| 0da8d4281946ce2ef6765e68e99b00a37af731e73d8cedbf7486a012d0c7be5c | Konni payload (confidence level: 100%) |
| 04a11791a61a8522af2817801860e6f93f487036d936f0287d28fa94b5837c53 | Unknown Stealer payload (confidence level: 90%) |
| 337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3 | ValleyRAT payload (confidence level: 75%) |
| 4a7ccc02e95280df9f89dabd6f62eb715163a2318409fbb887fecb16bc4e21c3 | ValleyRAT payload (confidence level: 75%) |
| 434592e3ef8b2b8f549afa71d903d8b4ddb0b7f5849ea1280cfee6d980432b14 | ValleyRAT payload (confidence level: 75%) |
| 27d8449808d99f3ef1fd3e0d1a66ae4c85f29543bb6bb13a07dba0cc266624eb | ValleyRAT payload (confidence level: 75%) |
| 0026574a5ffe7131bdb6e8940bcf50415e3cf2ad01b84f0613c21516162618b5 | ValleyRAT payload (confidence level: 75%) |
| a4a8dfb2c339eb26a1b41ce520fa41b9fc4ab96272ee6604dc304720fd892b98 | ValleyRAT payload (confidence level: 75%) |
| bcdb291bbab81be66bbdae3c9a717e28c83e0db6e7125cefa4292b560b88db77 | ValleyRAT payload (confidence level: 75%) |
| a8f67ecea56833ef2fcbdbdc941b8354 | Unknown malware payload (confidence level: 100%) |
| cf4840ae85d7acba4974d6dd55893d6c | Unknown malware payload (confidence level: 100%) |
| 29145cc1b1400b4b60743a21b075bac7 | Unknown malware payload (confidence level: 100%) |
| a1cc7f562c5c09476849070b0fc928d1 | Unknown malware payload (confidence level: 100%) |
Url
| Value | Description |
|---|---|
| https://acn.miseguro.com.co/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://voge.pe/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://178.208.87.49/bot/regex | LaplasClipper botnet C2 (confidence level: 100%) |
| http://158.94.210.91/g8hrs4f4vh/index.php | Amadey botnet C2 (confidence level: 100%) |
| http://5.10.217.60 | Stealc botnet C2 (confidence level: 100%) |
| https://l3cdnns.beer/api/css.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://exdanteam.beer/api/css.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://losfiros.com | IClickFix payload delivery URL (confidence level: 100%) |
| http://151.240.151.158/tta.txt | IClickFix payload delivery URL (confidence level: 100%) |
| http://158.94.210.91/g8hrs4f4vh/login.php | Amadey botnet C2 (confidence level: 100%) |
| https://vesifolf.com | IClickFix payload delivery URL (confidence level: 100%) |
| http://167.148.195.30/ffa.txt | IClickFix payload delivery URL (confidence level: 100%) |
| http://cch-travel.com/verify.msi | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/vcapcha.ps1 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/reportv.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/verifya.ps1 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/notepad.b64 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/report.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://zebec-io.lat/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://jup.ag-rewards.lat/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://sahara.lat/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://dapang.sbs/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://the7wanderers.sbs/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://hughraccoon.run/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://oneofmillion.life/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://lucialabs.lat/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://paradex.life/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://momochanonsol.lol/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://realbet.lat/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zebec-io.network/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://natocowards.lat/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://secgov.lol/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://zebecio.lat/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://ugor.world/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://ndigitals.in/version.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/myupdaterapp-1.4.7.b64 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/report-proeval.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://www.teamserviceeditore.it/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://ndigitals.in/protectversion.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/folderlister_1.4.11.b64 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ndigitals.in/payloadvbs.b64 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://zcredit.eu/ge/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://dfopetroleum.com/bins/binas.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://dfopetroleum.com/bins/rwbhgsqs.msi | Unknown malware payload delivery URL (confidence level: 100%) |
| https://age.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://age.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) |
| https://fog.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://fog.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) |
| https://95.217.125.52/ | Vidar botnet C2 (confidence level: 100%) |
| https://216.203.20.183/ | Vidar botnet C2 (confidence level: 100%) |
| https://31.57.201.163/ | Vidar botnet C2 (confidence level: 100%) |
| https://151.247.22.246/ | Vidar botnet C2 (confidence level: 100%) |
| https://hanzelka-cze.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://xartelvu.top/logout/route-sessionstore.php | SmartApeSG payload delivery URL (confidence level: 100%) |
| https://xartelvu.top/logout/signup-sandbox.js | SmartApeSG payload delivery URL (confidence level: 100%) |
| https://nivraxod.com/opo/call | SmartApeSG payload delivery URL (confidence level: 100%) |
| https://hanzelka-cze.com/downloads/food.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://hanzelka-cze.com/downloads/inform.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://hanzelka-cze.com/downloads/burst.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| http://158.94.209.253 | Stealc botnet C2 (confidence level: 75%) |
| https://65.108.55.35 | Vidar botnet C2 (confidence level: 75%) |
| http://8.216.26.169:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
| https://bemqorli.top/logout/route-sessionstore.php | SmartApeSG payload delivery URL (confidence level: 100%) |
| https://bemqorli.top/logout/signup-sandbox.js | SmartApeSG payload delivery URL (confidence level: 100%) |
| https://bankopenhours.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://cgfuryclaud.shop/api/css.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://diddyparty.click/cf.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://diddyparty.click/api/index.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://diddyparty.click/log.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://djasdajnsdnjgjg.com/sdkfgi.js | IClickFix payload delivery URL (confidence level: 100%) |
| https://abulrob.com/wp-blog-footer.php?page= | IClickFix payload delivery URL (confidence level: 100%) |
| https://asiaverses.com | IClickFix payload delivery URL (confidence level: 100%) |
| http://176.65.144.108/i88.txt | IClickFix payload delivery URL (confidence level: 100%) |
| https://krylox.club/112.js | Unknown malware payload delivery URL (confidence level: 100%) |
| https://krylox.club/verify.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://krylox.club/send_tg.php | Unknown malware payload delivery URL (confidence level: 100%) |
| https://audipoint.cz | Unknown malware payload delivery URL (confidence level: 100%) |
| https://audipoint.cz/downloads/kontakt.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://audipoint.cz/downloads/info.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://audipoint.cz/downloads/burst.exe | Unknown malware payload delivery URL (confidence level: 100%) |
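To turn the rows above into something a detection pipeline can consume, the following added example (not ThreatFox code, and not part of this page or site) parses rows in the layout rendered here, strips the "file", "hash" or "url" type label that the rendering fused onto each value, re-joins the ip:port indicators that were split into an IP row and a port row with the same description and confidence, and checks a few constructed proxy and EDR log lines against the result. The sample rows are copied from the tables above; the log lines, the host names and the field names dst=, url= and md5= are assumptions made for the example.

```python
# Added example (not ThreatFox code): parse IOC rows as rendered above, re-join split ip:port IOCs, match logs.
import re
from dataclasses import dataclass

# Constructed excerpt of the page's rows (values copied from the tables above).
SAMPLE_ROWS = """\
file158.94.210.91 | Amadey botnet C2 server (confidence level: 50%) | |
file103.118.247.52 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hasha8f67ecea56833ef2fcbdbdc941b8354 | Unknown malware payload (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
urlhttp://158.94.210.91/g8hrs4f4vh/index.php | Amadey botnet C2 (confidence level: 100%) | |
"""
# Constructed proxy/EDR-style log lines, not real telemetry; the field names are assumptions.
SAMPLE_LOGS = [
    "2026-03-31T10:02:11Z proxy src=10.0.4.21 dst=158.94.210.91:80 url=http://158.94.210.91/g8hrs4f4vh/index.php",
    "2026-03-31T10:03:40Z proxy src=10.0.4.22 dst=198.51.100.7:443 url=https://intranet.example/",
    "2026-03-31T10:05:02Z edr host=ws17 file=verify.ps1 md5=A8F67ECEA56833EF2FCBDBDC941B8354",
    "2026-03-31T10:07:19Z proxy src=10.0.4.23 dst=103.118.247.52:443 url=https://103.118.247.52/",
]

DESC_RE = re.compile(r"^(.*?)\s*\(confidence level:\s*(\d+)%\)\s*$")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
HEX_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}
LOG_DST = re.compile(r"\bdst=((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")
LOG_URL = re.compile(r"\burl=(\S+)")
LOG_HASH = re.compile(r"\b(?:md5|sha1|sha256)=([0-9A-Fa-f]{32,64})\b")


@dataclass(frozen=True)
class Indicator:
    kind: str  # ip, port, md5, sha1, sha256, url, or ip:port once re-joined
    value: str
    description: str
    confidence: int


def classify(value):
    """Indicator kind of a cleaned, lower-cased value, or None if unrecognised."""
    if value.startswith(("http://", "https://")):
        return "url"
    if value.isdigit() and 0 < int(value) < 65536:
        return "port"
    if IPV4_RE.fullmatch(value) and all(int(o) < 256 for o in value.split(".")):
        return "ip"
    if len(value) in HEX_KINDS and re.fullmatch(r"[0-9a-f]+", value):
        return HEX_KINDS[len(value)]
    return None


def clean_value(cell):
    """Strip a fused "file"/"hash"/"url" label, but only if the remainder is itself an indicator."""
    for label in ("file", "hash", "url"):
        if cell.startswith(label) and classify(cell[len(label):].lower()):
            return cell[len(label):]
    return cell


def parse_rows(text):
    """Parse rows with or without the leading pipe; header and separator rows are skipped."""
    out = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 2 or not (desc := DESC_RE.match(cells[1])):
            continue
        value = clean_value(cells[0])
        if (kind := classify(value.lower())) is None:
            continue
        value = value if kind == "url" else value.lower()  # hashes and addresses: case-insensitive
        out.append(Indicator(kind, value, desc.group(1), int(desc.group(2))))
    return out


def pair_ip_ports(indicators):
    """Re-join ip:port IOCs positionally: an IP takes the next unconsumed port row with the same
    description and confidence. Ports that do not line up are returned, not guessed."""
    ports, joined = [i for i in indicators if i.kind == "port"], []
    for ind in indicators:
        if ind.kind == "port":
            continue
        if ind.kind == "ip" and ports and (ports[0].description, ports[0].confidence) == (ind.description, ind.confidence):
            port = ports.pop(0)
            ind = Indicator("ip:port", f"{ind.value}:{port.value}", ind.description, ind.confidence)
        joined.append(ind)
    return joined, ports


def match_logs(indicators, lines):
    """(line_no, match_kind, value) per hit. An exact ip:port hit is reported as such; a feed IP seen
    on another port is the weaker "ip-only" hit, since a C2 host may listen on several ports."""
    values = {}
    for ind in indicators:
        values.setdefault(ind.kind, set()).add(ind.value)
    c2_ips = {v.split(":")[0] for v in values.get("ip:port", ())} | values.get("ip", set())
    hits = []
    for n, line in enumerate(lines, 1):
        if (dst := LOG_DST.search(line)) and f"{dst[1]}:{dst[2]}" in values.get("ip:port", ()):
            hits.append((n, "ip:port", f"{dst[1]}:{dst[2]}"))
        elif dst and dst[1] in c2_ips:
            hits.append((n, "ip-only", dst[1]))
        if (url := LOG_URL.search(line)) and url[1] in values.get("url", ()):
            hits.append((n, "url", url[1]))
        for digest in LOG_HASH.findall(line):
            if digest.lower() in values.get(HEX_KINDS.get(len(digest)), ()):
                hits.append((n, HEX_KINDS[len(digest)], digest.lower()))
    return hits


if __name__ == "__main__":
    joined, leftover = pair_ip_ports(parse_rows(SAMPLE_ROWS))
    print(*match_logs(joined, SAMPLE_LOGS), sep="\n")
```

Run as a script, the file prints four hits for the constructed logs: the exact Amadey ip:port and URL, the MD5 from the EDR line, and an ip-only hit for 103.118.247.52, which the feed lists on port 8080 while the log shows 443. Port rows that cannot be matched to an IP row with the same description come back in the leftover list instead of being guessed; that matters for this section, which shows more DarkVNC port rows than DarkVNC address rows, so a positional join must not be trusted blindly there.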
Threat ID: 69cc61e8e6bfc5ba1d50ebb2
Added to database: 4/1/2026, 12:08:08 AM
Last enriched: 4/1/2026, 12:23:19 AM
Last updated: 4/1/2026, 4:49:49 AM