
ThreatFox IOCs for 2026-04-01

Medium
Published: Wed Apr 01 2026 (04/01/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-04-01

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/02/2026, 00:24:58 UTC

Technical Analysis

This entry from the ThreatFox MISP feed dated April 1, 2026, provides Indicators of Compromise (IOCs) related to malware activities primarily involving OSINT sources. The data is categorized under network activity and payload delivery, suggesting the threat involves malicious payload distribution possibly detected through network monitoring. However, the report lacks specific technical details such as malware family names, attack vectors, affected software versions, or concrete indicators like hashes or IP addresses. No known exploits are reported in the wild, and no patches or mitigation strategies are linked, indicating this is an intelligence update rather than a report of an active exploit or vulnerability. The threat level is rated as medium, with a threatLevel score of 2 and distribution score of 3, implying moderate prevalence or detection frequency. The absence of CWE identifiers and exploit details limits the ability to assess the exact nature of the malware or its attack mechanisms. This information is valuable for security teams to update their detection rules and maintain situational awareness but does not indicate an immediate critical threat.

Potential Impact

Given the lack of detailed exploit information and no known active exploitation, the immediate impact on organizations worldwide is limited. However, the presence of malware-related IOCs in OSINT feeds suggests ongoing reconnaissance or low-level payload delivery campaigns that could lead to data breaches, system compromise, or network disruptions if leveraged effectively by threat actors. Organizations relying heavily on network monitoring and threat intelligence may benefit from integrating these IOCs to detect early signs of compromise. The medium severity rating reflects a moderate risk of impact on confidentiality, integrity, or availability if the malware payloads are successfully delivered and executed. Without patches or specific mitigations, organizations must rely on detection and response capabilities to limit potential damage. The threat could affect a broad range of sectors, especially those with high exposure to network-based attacks or those that utilize OSINT for threat detection.

Mitigation Recommendations

1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities.
2. Conduct regular network traffic analysis to identify unusual payload delivery patterns or suspicious network activity.
3. Maintain updated threat intelligence feeds and correlate them with internal logs to detect early signs of compromise.
4. Employ network segmentation and strict access controls to limit the spread of potential malware payloads.
5. Train security teams to recognize and respond to indicators related to OSINT-sourced threats.
6. Since no patches are available, focus on proactive monitoring, incident response readiness, and rapid containment strategies.
7. Regularly update and test backup and recovery procedures to mitigate potential data loss from malware infections.
8. Collaborate with threat intelligence communities to share findings and improve collective defense.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
efc5811f-b6c7-4139-baa5-188bef2805ba
Original Timestamp
1775088187

Indicators of Compromise

Domain

Type | Value | Description
domain | bsmaopm.duckdns.org | PureRAT botnet C2 domain (confidence level: 100%)
domain | star-map.astrahaven.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | synapse-net.neurobloom.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | api.permanentothertheorist.com | ClearFake payload delivery domain (confidence level: 50%)
domain | nerve-center.neurobloom.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bio-sensor.neurobloom.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | mesh-proxy.cyberhaven.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | secure-vault.cyberhaven.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | enc-tunnel.cyberhaven.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | range-extend.signalcrest.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | precision-io.nanovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | maochikomajf.com | IClickFix payload delivery domain (confidence level: 50%)
domain | volt-check.infocircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | board-mgr.infocircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | chip-set.infocircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | secure-key.cryptovault.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | lock-box.cryptovault.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | secret-api.cryptovault.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | anon-auth.cryptovault.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hash-store.cryptovault.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | enc-tunnel.cryptovault.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | main-frame.logicmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rule-engine.logicmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | truth-table.logicmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | process-io.logicmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | decision-svc.logicmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | brain-base.logicmatrix.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | global-net.technosphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | urban-hub.technosphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | eco-monitor.technosphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | world-view.technosphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | meta-layer.technosphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | outer-shell.technosphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | synapse-log.neurovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | mihorror2005.redirectme.net | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | nerve-center.neurovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | anderdingus.aamothership.com | XWorm botnet C2 domain (confidence level: 100%)
domain | impulse-api.neurovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | thought-hub.neurovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | brain-scan.neurovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | mind-node.neurovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bit-stream.quantacircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | speed-test.quantacircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | packet-flow.quantacircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | qubit-sync.quantacircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-track.quantacircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wwww.pqpicc.com | Remcos botnet C2 domain (confidence level: 75%)
domain | light-logic.quantacircuit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | data-field.digisphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cloud-ring.digisphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | kitty-guard.buzz | AdaptixC2 botnet C2 domain (confidence level: 100%)
domain | info-orbit.digisphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | web-portal.digisphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | static-cdn.digisphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | point-edge.digisphere.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | flight-path.aerovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | air-traffic.aerovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | sky-route.aerovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wing-span.aerovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | alt-logic.aerovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pilot-svc.aerovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | heavy-duty.mechaforge.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | iron-works.mechaforge.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | power-plant.mechaforge.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | auto-build.mechaforge.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | steel-core.mechaforge.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | robot-api.mechaforge.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | border-gate.fetterland.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | area-scanner.fetterland.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | land-mark.fetterland.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | soil-monitor.fetterland.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fence-logic.fetterland.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | site-connect.fetterland.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | water-flow.needwatka.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | soemyidcbiue.cn | ValleyRAT botnet C2 domain (confidence level: 100%)
domain | fbmtingttk.cn | ValleyRAT botnet C2 domain (confidence level: 100%)
domain | liquid-api.needwatka.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | well-point.needwatka.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pump-ctrl.needwatka.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hydro-svc.needwatka.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | source-log.needwatka.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | spin-cycle.dervishpeel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cyrsite.top | Unknown RAT botnet C2 domain (confidence level: 100%)
domain | swimrest.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | layer-check.dervishpeel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | digitaloptionslznpz.za.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | elevoji.za.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | guide-school.za.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | hitsed.ru.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | shtnsn.za.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | silverseeker.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | outer-shell.dervishpeel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | core-wrap.dervishpeel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rotate-node.dervishpeel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | skin-proxy.dervishpeel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | spider-net.industtarant.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | web-crawl.industtarant.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | factory-io.industtarant.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | heavy-link.industtarant.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | venom-dev.industtarant.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | silk-route.industtarant.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | small-frame.cameoinfusion.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | art-portal.cameoinfusion.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | style-sync.cameoinfusion.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | color-mix.cameoinfusion.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | blend-master.cameoinfusion.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | video-drop.cameoinfusion.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | action-log.fighttrapper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cage-match.fighttrapper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | catch-node.fighttrapper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | secure-hit.fighttrapper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | target-api.fighttrapper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | def-system.fighttrapper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | sound-check.lohsmacknon.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bass-boost.lohsmacknon.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | echo-relay.lohsmacknon.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | noise-gate.lohsmacknon.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | audio-path.lohsmacknon.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wave-form.lohsmacknon.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | qpo.smoothfacing.cfd | ACR Stealer botnet C2 domain (confidence level: 100%)
domain | foot.trxzidan.icu | ACR Stealer botnet C2 domain (confidence level: 100%)
domain | bio-record.maknothplacenta.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | life-cycle.maknothplacenta.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cell-logic.maknothplacenta.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | organ-sync.maknothplacenta.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | health-node.maknothplacenta.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | root-source.maknothplacenta.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | farm-logic.combinekabisia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | grain-store.combinekabisia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | harvest-api.combinekabisia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | shlyapadulina.space | Unknown Stealer payload delivery domain (confidence level: 100%)
domain | field-scan.combinekabisia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | crop-trace.combinekabisia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | yuosryb6o.ddns.net | Remcos botnet C2 domain (confidence level: 75%)
domain | yuosryb6o.duckdns.org | Remcos botnet C2 domain (confidence level: 75%)
domain | yield-hub.combinekabisia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | high-note.brillwhistleb.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | tune-api.brillwhistleb.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | signal-box.brillwhistleb.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | alert-svc.brillwhistleb.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wind-flow.brillwhistleb.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | loud-cloud.brillwhistleb.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | soft-glob.driveaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wzovragk.driveaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | nppw50at.driveaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | compilpow.driveaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | v2.xoilacvi.co | DCRat botnet C2 domain (confidence level: 50%)
domain | v3.xoilacvi.co | DCRat botnet C2 domain (confidence level: 50%)
domain | choru5-hinge.driveaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | brighterlib.click | Lumma Stealer botnet C2 domain (confidence level: 50%)
domain | kxep42pp.driveaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wild-mount.vivatwoman.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wexlunto.top | SmartApeSG payload delivery domain (confidence level: 100%)
domain | solcresten2.vivatwoman.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | 6jamieya.vivatwoman.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | iopv.net | Unknown malware payload delivery domain (confidence level: 100%)
domain | lumnexen7.vivatwoman.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | norvenix2.vivatwoman.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | neo-d3v.vivatwoman.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ballieballerson.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | qobavx3.barondecont.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | calmion.barondecont.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | crirn4-point.barondecont.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | lotusstudiopr.us.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | proveritas.eu.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | greek.gb.net | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | charlotte.eu.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | skk.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | mahjongtiles.it.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | aiscore.it.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | h4rb-loop.barondecont.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | tirqavem.top | SmartApeSG payload delivery domain (confidence level: 100%)
domain | sprucethorn.barondecont.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | lo98.barondecont.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dynfluxal.demolishtunis.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | talforgeal2.demolishtunis.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | binaryassay.demolishtunis.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | m15t7-sync.demolishtunis.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | jjczes4.demolishtunis.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | 9sis.demolishtunis.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | relay-chain.movementsheptun.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fvbtyoj.movementsheptun.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | arn3i.movementsheptun.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | sp4rk3-trace.movementsheptun.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hfx03k.movementsheptun.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | d3pl-lab.movementsheptun.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | lumline0al.sewdarken.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | finalvault.sewdarken.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | nbjc.sewdarken.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | creditchickens.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
domain | geo-d4ta.sewdarken.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | 9lftebnr.sewdarken.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | js-slide.gcforkcg.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
domain | 5hsg8.sewdarken.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dr1v5-frame.dropaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | threaopti.dropaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | vrr80sq.dropaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | qnde.dropaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ijnjw.dropaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | datarea.dropaway.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | 7kutx52w.glassterrible.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | proto-voy4.glassterrible.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | stajestetice.top | Unknown RAT payload delivery domain (confidence level: 100%)
domain | matri-insp.glassterrible.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | secure-spool.glassterrible.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | solstice-line-drift.pro | DeerStealer botnet C2 domain (confidence level: 100%)
domain | zwjk9ew.glassterrible.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | storagefreig.glassterrible.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | foredeliv.coddlcaught.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | 24zog.coddlcaught.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | shie1d-leaf.coddlcaught.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | snapshotgeyser.coddlcaught.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cast-spar.coddlcaught.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dqkgif.granulatetouch.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hyper-14b.granulatetouch.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rnonito-watch.granulatetouch.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wildcircuit.granulatetouch.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | daem-gate.granulatetouch.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dlnhov4.granulatetouch.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | info-point.infovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | path-finder.infovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | data-relay.infovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | merengagoi.bond | Unknown malware payload delivery domain (confidence level: 100%)
domain | route-api.infovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | route-api.infovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | trace-sync.infovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | vector-node.infovector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | flow-drop.datacascade.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cdnst.duckdns.org | XWorm botnet C2 domain (confidence level: 75%)
domain | stream-view.datacascade.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bulk-logic.datacascade.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | tier-access.datacascade.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pool-manager.datacascade.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | imya.gb.net | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | mesh-gate.cyberlattice.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pbucz.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | powercare.in.net | Quasar RAT botnet C2 domain (confidence level: 100%)
domain | grid-secure.cyberlattice.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | shield-base.cyberlattice.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | net-fiber.cyberlattice.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | link-vault.cyberlattice.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | micro-bit.nanostream.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rapid-io.nanostream.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | small-packet.nanostream.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-track.nanostream.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pulse-svc.nanostream.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | drift-core.nanostream.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | render-job.pixelengine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | image-proc.pixelengine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | color-map.pixelengine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | frame-buffer.pixelengine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | draw-logic.pixelengine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | raster-api.pixelengine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | beam-target.signalvector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | radio-freq.signalvector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | tower-sync.signalvector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wave-form.signalvector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | range-extend.signalvector.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | force-field.infodynamics.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | lh6tecuu.apexharvestor.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | ui2rn7ei.apexharvestor.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | e70839572.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
domain | e70839572bk.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
domain | fr0ippml.covenantventure.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | q55at0cm.apexharvestor.digital | ClearFake payload delivery domain (confidence level: 100%)
domain | t7bs6h40.apexharvestor.digital | ClearFake payload delivery domain (confidence level: 100%)

File

Type | Value | Description
file | 12.202.180.133 | PureRAT botnet C2 server (confidence level: 100%)
file | 49.51.134.147 | Xtreme RAT botnet C2 server (confidence level: 100%)
file | 50.39.155.159 | Nanocore RAT botnet C2 server (confidence level: 100%)
file | 217.69.2.135 | GlassWorm botnet C2 server (confidence level: 100%)
file | 150.241.65.94 | Unknown malware botnet C2 server (confidence level: 100%)
file | 150.241.65.94 | Unknown malware botnet C2 server (confidence level: 100%)
file | 172.245.4.226 | Remcos botnet C2 server (confidence level: 100%)
file | 192.227.219.95 | Remcos botnet C2 server (confidence level: 100%)
file | 45.153.34.120 | AdaptixC2 botnet C2 server (confidence level: 100%)
file | 95.40.168.23 | ValleyRAT botnet C2 server (confidence level: 75%)
file | 43.198.45.195 | ValleyRAT botnet C2 server (confidence level: 75%)
file | 130.12.182.175 | Tofsee botnet C2 server (confidence level: 75%)
file | 46.151.182.245 | Tofsee botnet C2 server (confidence level: 75%)
file | 31.57.216.28 | Tofsee botnet C2 server (confidence level: 75%)
file | 204.76.203.165 | Tofsee botnet C2 server (confidence level: 75%)
file | 130.12.180.119 | Tofsee botnet C2 server (confidence level: 75%)
file | 31.57.216.27 | Tofsee botnet C2 server (confidence level: 75%)
file | 46.151.182.19 | Tofsee botnet C2 server (confidence level: 75%)
file | 138.201.106.62 | XWorm botnet C2 server (confidence level: 100%)
file | 39.109.116.103 | ValleyRAT botnet C2 server (confidence level: 100%)
file | 199.217.99.119 | Unknown RAT botnet C2 server (confidence level: 75%)
file | 217.60.248.91 | Unknown RAT botnet C2 server (confidence level: 75%)
file | 110.43.68.89 | Xtreme RAT botnet C2 server (confidence level: 100%)
file | 52.81.200.103 | Xtreme RAT botnet C2 server (confidence level: 100%)
file | 151.59.152.232 | SectopRAT botnet C2 server (confidence level: 100%)
file | 2.143.111.26 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
file | 110.36.65.23 | Mozi botnet C2 server (confidence level: 100%)
file | 178.16.54.14 | Socks5 Systemz botnet C2 server (confidence level: 100%)
file | 45.155.250.126 | Socks5 Systemz botnet C2 server (confidence level: 100%)
file | 3.69.49.61 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 159.75.76.236 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 38.22.91.131 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 5.180.24.16 | Unknown malware botnet C2 server (confidence level: 75%)
file | 91.202.233.67 | Unknown malware botnet C2 server (confidence level: 75%)
file | 65.109.103.93 | Unknown malware botnet C2 server (confidence level: 75%)
file | 212.162.150.121 | Unknown malware botnet C2 server (confidence level: 75%)
file | 185.38.142.5 | STRRAT botnet C2 server (confidence level: 100%)
file | 45.221.118.180 | Cobalt Strike botnet C2 server (confidence level: 50%)
file | 152.136.43.210 | Cobalt Strike botnet C2 server (confidence level: 50%)
file | 43.230.161.81 | Cobalt Strike botnet C2 server (confidence level: 50%)
file | 104.168.149.226 | Cobalt Strike botnet C2 server (confidence level: 50%)
file | 103.40.253.162 | Unknown malware botnet C2 server (confidence level: 50%)
file | 113.45.65.232 | Unknown malware botnet C2 server (confidence level: 50%)
file | 161.97.139.204 | Unknown malware botnet C2 server (confidence level: 50%)
file | 5.226.191.169 | Unknown malware botnet C2 server (confidence level: 50%)
file | 46.225.174.26 | Unknown malware botnet C2 server (confidence level: 50%)
file | 108.162.67.124 | Unknown malware botnet C2 server (confidence level: 50%)
file | 141.95.160.129 | Unknown malware botnet C2 server (confidence level: 50%)
file | 5.129.194.137 | Unknown malware botnet C2 server (confidence level: 50%)
file | 139.59.106.165 | Unknown malware botnet C2 server (confidence level: 50%)
file | 178.104.45.253 | Unknown malware botnet C2 server (confidence level: 50%)
file | 54.157.76.50 | Unknown malware botnet C2 server (confidence level: 50%)
file | 189.56.104.221 | Unknown malware botnet C2 server (confidence level: 50%)
file | 147.45.45.79 | Sliver botnet C2 server (confidence level: 50%)
file | 77.90.185.69 | Sliver botnet C2 server (confidence level: 50%)
file | 165.245.130.101 | Sliver botnet C2 server (confidence level: 50%)
file | 164.92.67.70 | Havoc botnet C2 server (confidence level: 50%)
file | 192.227.239.42 | AdaptixC2 botnet C2 server (confidence level: 50%)
file | 144.172.88.60 | Unknown malware botnet C2 server (confidence level: 50%)
file | 89.169.54.130 | Unknown malware botnet C2 server (confidence level: 50%)
file | 138.124.5.193 | Amnesia RAT botnet C2 server (confidence level: 50%)
file | 93.152.217.97 | Unknown malware botnet C2 server (confidence level: 75%)
file | 114.207.112.13 | XWorm botnet C2 server (confidence level: 100%)
file | 154.36.188.162 | ValleyRAT botnet C2 server (confidence level: 100%)
file | 109.241.233.244 | Quasar RAT botnet C2 server (confidence level: 100%)

Hash


Url


Threat ID: 69cdb368e6bfc5ba1d0f530e

Added to database: 4/2/2026, 12:08:08 AM

Last enriched: 4/2/2026, 12:24:58 AM

Last updated: 4/6/2026, 10:39:36 AM
