ThreatFox IOCs for 2026-04-02
AI Analysis
Technical Summary
This threat report from the ThreatFox MISP feed, dated April 2, 2026, outlines a malware-related threat primarily involving OSINT, payload delivery, and network activity. The report lacks specific affected software versions or detailed indicators of compromise, which limits the ability to perform a deep technical analysis. The threat is tagged 'type:osint' and 'tlp:white', indicating that the information may be shared openly. The absence of known exploits in the wild and of available patches suggests that this threat is either emerging or not actively exploited at scale. The technical details give a threat level of 2 and a distribution rating of 3, indicating moderate dissemination potential but low immediate risk. The lack of CWEs and CVEs further implies that no known vulnerabilities are directly exploited. The threat likely involves the use of OSINT techniques to facilitate payload delivery and network reconnaissance or exploitation. Given the nature of OSINT, attackers may be leveraging publicly available information to craft targeted attacks or deliver malicious payloads through network vectors. The absence of detailed IOCs or attack vectors necessitates reliance on general network security best practices and enhanced monitoring for unusual activity patterns. This threat appears to be in an early or informational stage rather than an active widespread campaign.
Potential Impact
The potential impact of this threat is currently limited due to the lack of known exploits and absence of detailed attack vectors. However, organizations utilizing OSINT tools or relying heavily on network-based payload delivery mechanisms could face risks if attackers leverage this threat to conduct reconnaissance or deliver malware payloads. The medium severity rating suggests a moderate risk of confidentiality, integrity, or availability compromise, primarily through network activity and payload delivery. Without patches or specific mitigations, organizations might experience targeted attacks that could lead to data breaches, unauthorized access, or service disruptions if the threat evolves. The lack of authentication or user interaction details implies that exploitation might require some level of attacker sophistication or network access. Overall, the threat could facilitate initial access or lateral movement within networks, impacting organizations' security posture if not addressed proactively.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on strengthening network security and OSINT-related defenses. Organizations should implement advanced network monitoring and anomaly detection to identify unusual payload delivery or network activity patterns. Integrating threat intelligence feeds, including ThreatFox IOCs when available, into security information and event management (SIEM) systems can enhance detection capabilities. Employing strict network segmentation and access controls can limit the potential spread of payloads. Regularly updating and hardening OSINT tools and platforms reduces exposure to exploitation. Conducting employee training on recognizing social engineering or OSINT-based reconnaissance attempts can further reduce risk. Additionally, organizations should maintain up-to-date incident response plans to quickly address any suspicious activity. Since no patches are available, proactive threat hunting and continuous monitoring are critical to mitigating potential impacts.
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, Japan, South Korea, Israel, Netherlands
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: e4a7eb91-9429-4038-8197-0187cabc3a01
- Original Timestamp: 1775174589
file141.98.11.205 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.249.61.91 | Quasar RAT botnet C2 server (confidence level: 75%) | |
file213.152.162.27 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file178.104.112.117 | Vidar botnet C2 server (confidence level: 100%) | |
file178.104.128.255 | Vidar botnet C2 server (confidence level: 100%) | |
file31.57.201.119 | Vidar botnet C2 server (confidence level: 100%) | |
file204.168.220.27 | Vidar botnet C2 server (confidence level: 100%) | |
file49.12.207.147 | Vidar botnet C2 server (confidence level: 100%) | |
file45.32.78.243 | SystemBC botnet C2 server (confidence level: 100%) | |
file3.126.37.18 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file154.84.154.20 | Remcos botnet C2 server (confidence level: 100%) | |
file84.49.143.95 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.83.41.64 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file149.12.67.90 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file38.111.162.208 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file77.91.96.127 | ACR Stealer botnet C2 server (confidence level: 100%) | |
file146.158.123.140 | XWorm botnet C2 server (confidence level: 100%) | |
file103.79.79.21 | Tsunami botnet C2 server (confidence level: 100%) | |
file13.234.60.207 | NjRAT botnet C2 server (confidence level: 100%) | |
file89.163.135.20 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file3.110.2.74 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.111.136.193 | NjRAT botnet C2 server (confidence level: 100%) | |
file188.132.188.214 | SpyNote botnet C2 server (confidence level: 100%) | |
file83.142.209.230 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file83.142.209.230 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file83.142.209.230 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file83.142.209.230 | NjRAT botnet C2 server (confidence level: 100%) | |
file217.154.6.255 | XWorm botnet C2 server (confidence level: 100%) | |
file64.89.161.131 | Unknown malware payload delivery server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash443 | DeerStealer payload delivery server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | ContagiousDrop payload (confidence level: 100%) | |
hashe10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | ContagiousDrop payload (confidence level: 100%) | |
hashd26c41e162e2a578a85ed5695810c7891cf2ca03e92e85c8ecace955f860f646 | ContagiousDrop payload (confidence level: 100%) | |
hash59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f | ContagiousDrop payload (confidence level: 100%) | |
hash92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | ContagiousDrop payload (confidence level: 100%) | |
hashfcb81618bb15edfdedfb638b4c08a2af9cac9ecfa551af135a8402bf980375cf | ContagiousDrop payload (confidence level: 100%) | |
hashed8560c1ac7ceb6983ba995124d5917dc1a00288912387a6389296637d5f815c | ContagiousDrop payload (confidence level: 100%) | |
hashdb7f4c82c732e8b107492cae419740ab | ContagiousDrop payload (confidence level: 100%) | |
hash7658962ae060a222c0058cd4e979bfa1 | ContagiousDrop payload (confidence level: 100%) | |
hash8db3b6a1d230e5e221702ef1f405585d | ContagiousDrop payload (confidence level: 100%) | |
hash7a9ddef00f69477b96252ca234fcbeeb | ContagiousDrop payload (confidence level: 100%) | |
hash9663665850cdd8fe12e30a671e5c4e6f | ContagiousDrop payload (confidence level: 100%) | |
hash90e8e227ba8bef0ea7e0212b5b1e0d4c | ContagiousDrop payload (confidence level: 100%) | |
hash07d889e2dadce6f3910dcbc253317d28ca61c766 | ContagiousDrop payload (confidence level: 100%) | |
hashb0e0f12f1be57dc67fa375e860cedd19553c464d | ContagiousDrop payload (confidence level: 100%) | |
hash59b0401f1aed66c6cb8bdc28a9dea7cf94c766d3 | ContagiousDrop payload (confidence level: 100%) | |
hash13ab317c5dcab9af2d1bdb22118b9f09f8a4038e | ContagiousDrop payload (confidence level: 100%) | |
hash59faac136680104948e083b3b67a70af9bfa5d5e | ContagiousDrop payload (confidence level: 100%) | |
hashdbd62d788ce8dcaa96116a73f70ee24813d59428 | ContagiousDrop payload (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | SmartLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash8888 | HijackLoader botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 75%) | |
hash11977 | XWorm botnet C2 server (confidence level: 100%) | |
hash3183 | RatonRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 75%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash30005 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1604 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash5103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | SystemBC botnet C2 server (confidence level: 100%) | |
hash14297 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2027 | Remcos botnet C2 server (confidence level: 100%) | |
hash6769 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash6379 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash139 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash443 | ACR Stealer botnet C2 server (confidence level: 100%) | |
hash2083 | XWorm botnet C2 server (confidence level: 100%) | |
hash8899 | Tsunami botnet C2 server (confidence level: 100%) | |
hashfff1f89c0e5a57690011c03d8bdfd32591511a0bcfe6b089d16a5897d3de60c8 | Tsunami payload (confidence level: 100%) | |
hashc60ad26439ffce79808749b500c35f3a2e71bc3057156c7161964c3f13a24330 | Tsunami payload (confidence level: 100%) | |
hash20778 | NjRAT botnet C2 server (confidence level: 100%) | |
hash6503 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash20778 | NjRAT botnet C2 server (confidence level: 100%) | |
hash20778 | NjRAT botnet C2 server (confidence level: 100%) | |
hash2596 | SpyNote botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 100%) | |
hash7004 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware payload delivery server (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://floridacambolashop.com/fc3411f3-e43a-51ab-a00d-f6cd430fa334/stock4 | DeerStealer payload delivery URL (confidence level: 75%) | |
urlhttps://princeitltd.com/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://salkunet.com/v1/user/py | SmartApeSG payload delivery URL (confidence level: 100%) | |
urlhttp://sfrclak.com:8000/6202033 | ContagiousDrop payload delivery URL (confidence level: 100%) | |
urlhttp://217.119.129.99/api/nte3yjdjnwu1njyznju2yta1n2y= | SmartLoader botnet C2 (confidence level: 75%) | |
urlhttps://ibostonlimo.com/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://gripsmonga.sbs:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://ssastatment.com:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://shopifycourses.store:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://ckrfinancialservic.cfd:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://rinvited.top:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://richmindaura.top:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://screenconnectsetup.ink:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://caudflare.com:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://lendmarkfinances.com:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://tryrecruite.com:443/ | Unknown RAT payload delivery URL (confidence level: 75%) | |
urlhttps://desawisatasuli.com/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://www.cleberwilliam.com.br/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://idespeh.cyou | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://185.225.73.149/apiget/evhgeo.lpmo | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttp://65.109.161.133/blob/i9cxzx.39lc | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttps://marsalek.cy/login | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://marsalek.cy/static/ | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://marsalek.cy/paste?userid= | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://marsalek.cy/psc?uid= | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://1312services.ru | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://mineflayerapi.ru | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://acabstealer.ru | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttp://dieserbenni.ru | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttp://stealer.cy | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://newlumm.fun | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttp://pentagon.cy | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://stealer.to | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://djasdajnsdnjgjg.com/tasffff.js | IClickFix payload delivery URL (confidence level: 100%) | |
urlhttps://spectrum-uae.com/wp-blog-footer.php?page= | IClickFix payload delivery URL (confidence level: 100%) | |
urlhttp://vm1318211.ssd1.had.yt | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://pot.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://pot.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mod.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mod.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://rti.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://rti.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://hau.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://hau.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ete.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ete.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://178.104.112.117/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://178.104.128.255/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://31.57.201.119/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ete.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ete.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://hau.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://rti.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mod.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://pot.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fog.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://age.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://top.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ps6.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ps4.skfilmsint.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://hau.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://rti.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://mod.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://pot.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fog.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://age.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://top.codetohaven.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://49.12.207.147/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://31.57.201.169 | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://menstruation.foundation/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://goodgoodmoon.bond/cf.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://goodgoodmoon.bond/api/index.php | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://goodgoodmoon.bond/log.php | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://t.me/ziurosdz | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://qamderil.com/rspack | SmartApeSG payload delivery URL (confidence level: 100%) | |
urlhttps://sasndfsdfghjasd.run/api/userjs/optimizer | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://api.telegram.org/bot8217230214:aagoumtbdck2-cnngjuo3exkcs54muh7-7e/ | Agent Tesla botnet C2 (confidence level: 50%) | |
urlhttps://lwkafdjadfnjasdfnjasdfn.lmzvzxsdlkf.workers.dev/get/ooqm-9 | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://storage.googleapis.com/nodedownload/nodeserver-setup-full_t1.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://superform.sbs | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://basedfoundation.sbs | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://bratiyanetworkforever.sbs | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://fishparty.run | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://nosebudcoin.lat | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://feeliq.lat | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://rex.cargomanbd.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://rex.elythia.ru/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://neiwteamcdn.beer/api/css.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://www.web-conseil.fr/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://harrogatestays.co.uk/ | Unknown malware payload delivery URL (confidence level: 90%) | |
urlhttps://t.me/fzebfy | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://resbotai.com/down/jake.txt | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://resbotai.com/down/nice.txt | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://zhivachkapro.com/googletagmanager.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://inwpvofviekq.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://dakatawebstick.com/3c736f7304ddeadb.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://fqkrgdkjckyb.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://fugeapmveypu.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://ljfjewiueuof.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://qpjeqksengxb.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://pegvtsprywuz.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://ngpqdnibgnfv.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://lurkrtkwmxeg.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://rjvlvovjritp.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://rmrikuuifyzi.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://ashpaltlonpro.com/3c736f7304ddeadb.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://hubabubanobot52.com/googletagmanager.js?v=9.0 | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://myddjdpuvuqa.hubabubanobot52.com | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://shlyapadulina.space/login | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://shlyapadulina.space/d/command?tqed6794e02213bc6af8ca454e9618ecd170596443d4582a&b=wp | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://ca340844.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://limbo100x.ru | Unknown Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://onetimeinvitation.com/downloads/invitation.vbs | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://onetimeinvitation.com/downloads/anydesk.exe | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://64.89.161.131/bin/screenconnect.clientsetup.msi?e=access&y=guest | Unknown malware payload delivery URL (confidence level: 100%) |
Threat ID: 69cf04e8e6bfc5ba1d090aeb
Added to database: 4/3/2026, 12:08:08 AM
Last enriched: 4/3/2026, 12:23:19 AM
Last updated: 4/3/2026, 6:45:04 AM