
ThreatFox IOCs for 2026-04-12

Severity: Medium
Published: Sun Apr 12 2026 (04/12/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-04-12

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/13/2026, 00:16:52 UTC

Technical Analysis

The ThreatFox IOCs published on 2026-04-12 pertain to malware-related network activity and payload delivery. The data is sourced from the ThreatFox MISP feed and classified under OSINT. No specific affected product versions or known exploits in the wild are listed. Patch status is false, indicating no fix is available. The threat level and analysis scores are low to moderate, while the distribution score is higher, suggesting some spread but limited technical analysis. No technical indicators are provided.

Potential Impact

The threat involves malware-related network activity and payload delivery, which could lead to compromise if exploited. However, no known exploits in the wild or specific affected versions are identified, which limits the immediate impact. The medium severity suggests moderate risk but no confirmed active exploitation or widespread impact at this time.

Mitigation Recommendations

No patch is available for this threat. Since it is not a cloud service, remediation depends on detection and response capabilities. Organizations should monitor for related IOCs from ThreatFox feeds and apply standard network security controls to detect and block suspicious payload delivery and network activity. No vendor advisory provides specific mitigation steps or fixes.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
82109987-4b63-43ab-b7bc-7ec4419f99d3
Original Timestamp
1776038588

Indicators of Compromise

File

ValueDescriptionCopy
file134.122.62.220
Kimwolf botnet C2 server (confidence level: 100%)
file146.190.237.152
Kimwolf botnet C2 server (confidence level: 100%)
file209.38.109.16
Kimwolf botnet C2 server (confidence level: 100%)
file142.93.129.148
Kimwolf botnet C2 server (confidence level: 100%)
file172.233.48.232
Kimwolf botnet C2 server (confidence level: 100%)
file172.233.33.137
Kimwolf botnet C2 server (confidence level: 100%)
file172.233.54.223
Kimwolf botnet C2 server (confidence level: 100%)
file172.233.54.228
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.182.208
Kimwolf botnet C2 server (confidence level: 100%)
file172.233.54.211
Kimwolf botnet C2 server (confidence level: 100%)
file172.233.54.53
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.182.49
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.182.216
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.163.88
Kimwolf botnet C2 server (confidence level: 100%)
file101.35.95.103
Cobalt Strike botnet C2 server (confidence level: 90%)
file209.38.32.147
Kimwolf botnet C2 server (confidence level: 100%)
file169.136.125.98
Kimwolf botnet C2 server (confidence level: 100%)
file174.138.13.65
Kimwolf botnet C2 server (confidence level: 50%)
file178.128.245.197
Kimwolf botnet C2 server (confidence level: 100%)
file104.21.29.56
Nanocore RAT botnet C2 server (confidence level: 100%)
file104.21.77.227
Nanocore RAT botnet C2 server (confidence level: 100%)
file172.67.212.35
Nanocore RAT botnet C2 server (confidence level: 100%)
file172.67.171.98
Nanocore RAT botnet C2 server (confidence level: 100%)
file202.168.105.153
Kimwolf botnet C2 server (confidence level: 100%)
file220.200.249.48
Kimwolf botnet C2 server (confidence level: 100%)
file119.45.27.209
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.104.248.7
Cobalt Strike botnet C2 server (confidence level: 100%)
file151.59.38.225
SectopRAT botnet C2 server (confidence level: 100%)
file8.218.5.176
GobRAT botnet C2 server (confidence level: 100%)
file3.79.25.207
Cobalt Strike botnet C2 server (confidence level: 100%)
file156.239.47.94
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.119.178.247
Cobalt Strike botnet C2 server (confidence level: 100%)
file115.190.244.119
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.81.183.187
Unknown malware botnet C2 server (confidence level: 100%)
file178.16.55.226
brute_ratel botnet C2 server (confidence level: 50%)
file178.63.172.17
brute_ratel botnet C2 server (confidence level: 50%)
file13.202.120.94
brute_ratel botnet C2 server (confidence level: 50%)
file91.84.111.104
brute_ratel botnet C2 server (confidence level: 50%)
file34.95.166.68
brute_ratel botnet C2 server (confidence level: 50%)
file94.156.119.219
brute_ratel botnet C2 server (confidence level: 50%)
file18.230.228.148
brute_ratel botnet C2 server (confidence level: 50%)
file78.128.114.22
brute_ratel botnet C2 server (confidence level: 50%)
file155.117.20.166
brute_ratel botnet C2 server (confidence level: 50%)
file157.230.20.98
brute_ratel botnet C2 server (confidence level: 50%)
file23.95.75.178
brute_ratel botnet C2 server (confidence level: 50%)
file188.137.233.71
SectopRAT botnet C2 server (confidence level: 100%)
file144.31.57.65
SmartLoader botnet C2 server (confidence level: 75%)
file103.75.117.209
Unknown malware botnet C2 server (confidence level: 100%)
file172.235.171.157
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.171.52
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.171.107
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.171.236
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.171.208
Kimwolf botnet C2 server (confidence level: 100%)
file172.233.50.161
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.171.201
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.171.169
Kimwolf botnet C2 server (confidence level: 100%)
file172.235.171.143
Kimwolf botnet C2 server (confidence level: 100%)
file48.222.9.8
Unknown malware botnet C2 server (confidence level: 100%)
file45.90.98.215
Unknown malware botnet C2 server (confidence level: 75%)
file45.152.149.50
PureRAT botnet C2 server (confidence level: 75%)
file103.118.255.239
Unknown malware botnet C2 server (confidence level: 75%)
file103.118.255.239
Unknown malware botnet C2 server (confidence level: 75%)
file45.138.16.142
Unknown RAT botnet C2 server (confidence level: 75%)
file45.83.28.4
Unknown RAT botnet C2 server (confidence level: 75%)
file45.141.215.100
Unknown RAT botnet C2 server (confidence level: 75%)
file164.92.157.113
Kimwolf botnet C2 server (confidence level: 100%)
file164.92.222.166
Kimwolf botnet C2 server (confidence level: 100%)
file38.97.254.221
magecart payload delivery server (confidence level: 90%)
file217.63.243.49
Quasar RAT botnet C2 server (confidence level: 100%)
file23.248.233.106
ValleyRAT botnet C2 server (confidence level: 100%)
file23.248.233.106
ValleyRAT botnet C2 server (confidence level: 100%)
file134.122.128.16
ValleyRAT botnet C2 server (confidence level: 100%)
file27.124.34.8
ValleyRAT botnet C2 server (confidence level: 100%)
file38.181.2.53
SpyNote botnet C2 server (confidence level: 100%)
file147.124.213.101
XWorm botnet C2 server (confidence level: 75%)

Hash

ValueDescriptionCopy
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 90%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 50%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash443
Nanocore RAT botnet C2 server (confidence level: 100%)
hash443
Nanocore RAT botnet C2 server (confidence level: 100%)
hash443
Nanocore RAT botnet C2 server (confidence level: 100%)
hash443
Nanocore RAT botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash55443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8884
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
SectopRAT botnet C2 server (confidence level: 100%)
hash8443
GobRAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash81
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8086
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2095
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash9443
brute_ratel botnet C2 server (confidence level: 50%)
hash443
brute_ratel botnet C2 server (confidence level: 50%)
hash443
brute_ratel botnet C2 server (confidence level: 50%)
hash8443
brute_ratel botnet C2 server (confidence level: 50%)
hash8443
brute_ratel botnet C2 server (confidence level: 50%)
hash443
brute_ratel botnet C2 server (confidence level: 50%)
hash443
brute_ratel botnet C2 server (confidence level: 50%)
hash4433
brute_ratel botnet C2 server (confidence level: 50%)
hash443
brute_ratel botnet C2 server (confidence level: 50%)
hash8081
brute_ratel botnet C2 server (confidence level: 50%)
hash8443
brute_ratel botnet C2 server (confidence level: 50%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash80
SmartLoader botnet C2 server (confidence level: 75%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash3000
Unknown malware botnet C2 server (confidence level: 100%)
hash5173
Unknown malware botnet C2 server (confidence level: 75%)
hash56001
PureRAT botnet C2 server (confidence level: 75%)
hash8888
Unknown malware botnet C2 server (confidence level: 75%)
hash14993
Unknown malware botnet C2 server (confidence level: 75%)
hash443
Unknown RAT botnet C2 server (confidence level: 75%)
hash443
Unknown RAT botnet C2 server (confidence level: 75%)
hash443
Unknown RAT botnet C2 server (confidence level: 75%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash443
magecart payload delivery server (confidence level: 90%)
hash5555
Quasar RAT botnet C2 server (confidence level: 100%)
hash5222
ValleyRAT botnet C2 server (confidence level: 100%)
hash22352
ValleyRAT botnet C2 server (confidence level: 100%)
hash10801
ValleyRAT botnet C2 server (confidence level: 100%)
hash10801
ValleyRAT botnet C2 server (confidence level: 100%)
hash1151
SpyNote botnet C2 server (confidence level: 100%)
hash1985
XWorm botnet C2 server (confidence level: 75%)

Domain

ValueDescriptionCopy
domainpoxzxin.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpeer1-link.zeq9lora.in.net
ClearFake payload delivery domain (confidence level: 100%)
domain2hqc55jr.amb1ing-farm.digital
ClearFake payload delivery domain (confidence level: 100%)
domainf13hwmuq.amb1ing-farm.digital
ClearFake payload delivery domain (confidence level: 100%)
domainseed2-node.zeq9lora.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainhash3-list.zeq9lora.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsalt4-byte.zeq9lora.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainping5-test.zeq9lora.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainhop6-route.zeq9lora.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainzone1-dns.travexon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainrec2-record.travexon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainttl3-limit.travexon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsoa4-start.travexon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainptr5-rev.travexon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintxt6-info.travexon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainraw1-blob.bryo2maxil.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainfile2-obj.bryo2maxil.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindir3-index.bryo2maxil.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintmp4-path.bryo2maxil.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbin5-exec.bryo2maxil.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainlib6-share.bryo2maxil.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindom1-tree.norxelium.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincss2-rule.norxelium.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintag3-attr.norxelium.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsoste15oct.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainjs4-script.norxelium.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainserdyuk2-50934.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domainimg5-asset.norxelium.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainfont6-face.norxelium.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincron1-task.qul7vexar.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainjob2-run.qul7vexar.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpid3-check.qul7vexar.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintop4-load.qul7vexar.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainstat5-info.qul7vexar.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbash6-cmd.qul7vexar.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainflow1-point.zorvelixan.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-delta.zorvelixan.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-alpha.zorvelixan.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsync4-meta.zorvelixan.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainweb5-relay.zorvelixan.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-post.zorvelixan.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsite1-proxy.plu8moran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindata2-fast.plu8moran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapp3-frame.plu8moran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsoft4-base.plu8moran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainhub5-local.plu8moran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainport6-send.plu8moran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainlink1-host.draxolin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpeer2-join.draxolin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsrv3-ready.draxolin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmain4-path.draxolin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainunit5-mesh.draxolin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-root.draxolin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainwork1-area.veq4tralis.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-stage.veq4tralis.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-view.veq4tralis.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincall4-back.veq4tralis.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-task.veq4tralis.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainway6-gate.veq4tralis.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainstep1-item.krynexor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainlist2-load.krynexor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-core.krynexor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi4-sync.krynexor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-rule.krynexor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainhub6-main.krynexor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainama.jp.net
Nanocore RAT botnet C2 domain (confidence level: 75%)
domaindrmartensoutlet.us.com
Nanocore RAT botnet C2 domain (confidence level: 75%)
domainauth1-user.sox9liven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-cert.sox9liven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-pack.sox9liven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainblob4-data.sox9liven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainahaya.it.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainshee5kmm.3utilities.com
XWorm botnet C2 domain (confidence level: 100%)
domainkurkupa-robux.ru
XWorm botnet C2 domain (confidence level: 100%)
domaindeathtoall-38456.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domaindeathtoall-43710.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domainsvc5-edge.sox9liven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainideavault.in.net
Nanocore RAT botnet C2 domain (confidence level: 100%)
domaingate6-link.sox9liven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainfile1-swap.travemox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-port.travemox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-link.travemox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindb4-cache.travemox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-scan.travemox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainhub6-pipe.travemox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbase1-site.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapp2-root.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnewworld-helloworld.icu
SantaStealer botnet C2 domain (confidence level: 100%)
domainnode3-flag.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbox4-file.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-info.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-map.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainread1-data.norqelix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainprimetrace.cfd
Unknown malware payload delivery domain (confidence level: 100%)
domainapi2-jump.norqelix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainshadowlink.cyou
Unknown malware payload delivery domain (confidence level: 100%)
domainnode3-push.norqelix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainceramicskick.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainfolkunwary.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainmumbleplaything.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainscoldingspoiled.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainmap4-base.norqelix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainunlessdiscolor.icu
Unknown malware payload delivery domain (confidence level: 100%)
domainuniquelyblimp.icu
Unknown malware payload delivery domain (confidence level: 100%)
domaindisallowreconfirm.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainenslaveculprit.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainmanagingdeceptive.digital
Unknown malware payload delivery domain (confidence level: 100%)
domaingoalharvest.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainsvc5-flow.norqelix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincauterizespray.icu
Unknown malware payload delivery domain (confidence level: 100%)
domainpencilduring.icu
Unknown malware payload delivery domain (confidence level: 100%)
domainhub6-area.norqelix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmymeetingnow.com
Unknown malware payload delivery domain (confidence level: 100%)
domaintest1-run.quv7maren.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmymeetgooogle.com
Unknown malware payload delivery domain (confidence level: 100%)
domainapi2-call.quv7maren.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-soft.quv7maren.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainvault4-key.quv7maren.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-relay.quv7maren.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-main.quv7maren.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainma1n.quv7maren.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaina1ea.norqelix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainb0x.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainfi1e.bri2xalon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3.travemox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainf0rmate.para5itrecal.in.net
ClearFake payload delivery domain (confidence level: 100%)
domain1ink.sox9liven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainserlith5ex.xeltronix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainktvkmgqc.xeltronix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintoke-plate.xeltronix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domain77vlmbv.xeltronix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainenclin.xeltronix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnf59jdtk.xeltronix.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainzendra6a.pra7vexal.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainf1x8-point.pra7vexal.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainkel-valear.pra7vexal.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintimbecor.pra7vexal.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainanccompi.pra7vexal.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsub-runvv.pra7vexal.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainjymbrdt.drumoxel.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindyndra8al.drumoxel.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindawnbold.drumoxel.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainscalelabel.drumoxel.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmeta-cornp.drumoxel.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainoutletarray.drumoxel.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainglypipeli.vo3xiran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincmomy7g.vo3xiran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmogen.vo3xiran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainneura-vector.vo3xiran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpulse1-phase.vo3xiran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindosb0zd.vo3xiran.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainrn1no-hold.klinavor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindynspireis.klinavor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domain5xhr.klinavor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmhkugefu.klinavor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsparrowultra.klinavor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsumm4-field.klinavor.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsapcha.zeq8morin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindeepoutl.zeq8morin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainirfy5j.zeq8morin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsdasrfj.zeq8morin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpjrlyy.zeq8morin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainletteneed.zeq8morin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainrur414-line.travixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintricrestum.travixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsketcult.travixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainn0hi.travixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainf0res-frame.travixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainneo-f0x.travixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbasi-sand.bry5laxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsol-draon.bry5laxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapp.xai533k.com
PureRAT botnet C2 domain (confidence level: 100%)
domainapp.cc-coins.xyz
Unknown malware botnet C2 domain (confidence level: 100%)
domainchat.cc-coins.xyz
Unknown malware botnet C2 domain (confidence level: 100%)
domain1433.ydns.eu
Unknown malware botnet C2 domain (confidence level: 100%)
domainhzh.0xox0xox0.com
Unknown malware botnet C2 domain (confidence level: 100%)
domain5ap-pulse.bry5laxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainlakestlucia.com
NetSupportManager RAT botnet C2 domain (confidence level: 100%)
domaincliff-hinge.bry5laxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainfreightrap.bry5laxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainprintscar.bry5laxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingr1m-forge.norxevin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainregretsquirrel.xyz
Unknown Loader botnet C2 domain (confidence level: 100%)
domainhoyjyxdc.norxevin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindockbrok.norxevin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainimag-media.norxevin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmerdraex.norxevin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainridg31-drive.norxevin.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintest-dummy-validation.invalid
magecart payload delivery domain (confidence level: 0%)
domainfundsf.com
magecart payload delivery domain (confidence level: 90%)
domainsound3-gate.qul2marox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainprimescan.live
Unknown malware payload delivery domain (confidence level: 100%)
domainshadowmetric.buzz
Unknown malware payload delivery domain (confidence level: 100%)
domaincddvp.qul2marox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaint3st1-track.qul2marox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainyjcyrpx.qul2marox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincolorpastur.qul2marox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpquyrk.qul2marox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainopticsswi.con9uerbunker.in.net
ClearFake payload delivery domain (confidence level: 100%)
reso1-cast.con9uerbunker.in.net | ClearFake payload delivery domain (confidence level: 100%)
v1al-sheet.con9uerbunker.in.net | ClearFake payload delivery domain (confidence level: 100%)
exposmot.con9uerbunker.in.net | ClearFake payload delivery domain (confidence level: 100%)
b4y-signal.con9uerbunker.in.net | ClearFake payload delivery domain (confidence level: 100%)
royalemb.con9uerbunker.in.net | ClearFake payload delivery domain (confidence level: 100%)
clinicfjord.recogniz-rural.in.net | ClearFake payload delivery domain (confidence level: 100%)
vk05p.recogniz-rural.in.net | ClearFake payload delivery domain (confidence level: 100%)
lyav76.recogniz-rural.in.net | ClearFake payload delivery domain (confidence level: 100%)
macrosummit.recogniz-rural.in.net | ClearFake payload delivery domain (confidence level: 100%)
pale-prime.recogniz-rural.in.net | ClearFake payload delivery domain (confidence level: 100%)
nkhpvbun.recogniz-rural.in.net | ClearFake payload delivery domain (confidence level: 100%)
cell4-stream.2rmpitoutstand.in.net | ClearFake payload delivery domain (confidence level: 100%)
atomicatom.2rmpitoutstand.in.net | ClearFake payload delivery domain (confidence level: 100%)
southspring.2rmpitoutstand.in.net | ClearFake payload delivery domain (confidence level: 100%)
blwaa.2rmpitoutstand.in.net | ClearFake payload delivery domain (confidence level: 100%)
abncti.2rmpitoutstand.in.net | ClearFake payload delivery domain (confidence level: 100%)
5ummi5-mark.2rmpitoutstand.in.net | ClearFake payload delivery domain (confidence level: 100%)
xoilacztl.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilacztl.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
xlvi.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xlvi.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
xltv.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xltv.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
xl365.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xl365.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
jjk.uk.com | Quasar RAT botnet C2 domain (confidence level: 100%)
soco.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.soco.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.seetexaseclipse.com | Quasar RAT botnet C2 domain (confidence level: 100%)
rondoavenueinc.org | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.rondoavenueinc.org | Quasar RAT botnet C2 domain (confidence level: 100%)
bjam.in.net | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
jurasudfoot.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.jurasudfoot.com | Quasar RAT botnet C2 domain (confidence level: 100%)
54asharp-reviews.sa.com | Quasar RAT botnet C2 domain (confidence level: 100%)
explorethemed.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.explorethemed.com | Quasar RAT botnet C2 domain (confidence level: 100%)
ck.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.ck.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
cakhiaan.cc | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.cakhiaan.cc | Quasar RAT botnet C2 domain (confidence level: 100%)
91p.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.91p.livebytexscore.com | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilaczzzw.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilaczzzw.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
ybdfinds.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.ybdfinds.com | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilacztf.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilacztf.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilacxyy.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilacxyy.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilacxyu.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilacxyu.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilacxyq.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilacxyq.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilacxyp.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilacxyp.tv | Quasar RAT botnet C2 domain (confidence level: 100%)
7mcn.casa | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilacvvw.cc | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilacvvw.cc | Quasar RAT botnet C2 domain (confidence level: 100%)
xoilactvlinkc.com | Quasar RAT botnet C2 domain (confidence level: 100%)
malware.xoilactvlinkc.com | Quasar RAT botnet C2 domain (confidence level: 100%)
gazawar.in.net | Nanocore RAT botnet C2 domain (confidence level: 100%)
izdmpn.far-guess.in.net | ClearFake payload delivery domain (confidence level: 100%)
kvtk.far-guess.in.net | ClearFake payload delivery domain (confidence level: 100%)
olxx.far-guess.in.net | ClearFake payload delivery domain (confidence level: 100%)
vitalpure.far-guess.in.net | ClearFake payload delivery domain (confidence level: 100%)
review-spr.far-guess.in.net | ClearFake payload delivery domain (confidence level: 100%)
snow-cache.far-guess.in.net | ClearFake payload delivery domain (confidence level: 100%)
ht1eqo.suicideva1ny.in.net | ClearFake payload delivery domain (confidence level: 100%)
dynvenis5.suicideva1ny.in.net | ClearFake payload delivery domain (confidence level: 100%)
switchfresh.suicideva1ny.in.net | ClearFake payload delivery domain (confidence level: 100%)
coral5-index.suicideva1ny.in.net | ClearFake payload delivery domain (confidence level: 100%)
41uml3.suicideva1ny.in.net | ClearFake payload delivery domain (confidence level: 100%)
1kuz.suicideva1ny.in.net | ClearFake payload delivery domain (confidence level: 100%)
labellively.cytolo-gyywniak.in.net | ClearFake payload delivery domain (confidence level: 100%)
96rcki34.cytolo-gyywniak.in.net | ClearFake payload delivery domain (confidence level: 100%)
5ybzh.cytolo-gyywniak.in.net | ClearFake payload delivery domain (confidence level: 100%)
arklinea.cytolo-gyywniak.in.net | ClearFake payload delivery domain (confidence level: 100%)
normarkix.cytolo-gyywniak.in.net | ClearFake payload delivery domain (confidence level: 100%)
compute-comp.cytolo-gyywniak.in.net | ClearFake payload delivery domain (confidence level: 100%)
sap-alp.charlotte5tereoph.in.net | ClearFake payload delivery domain (confidence level: 100%)
sermarken6.charlotte5tereoph.in.net | ClearFake payload delivery domain (confidence level: 100%)
systemott.charlotte5tereoph.in.net | ClearFake payload delivery domain (confidence level: 100%)
jnza.charlotte5tereoph.in.net | ClearFake payload delivery domain (confidence level: 100%)
vub10.charlotte5tereoph.in.net | ClearFake payload delivery domain (confidence level: 100%)
c4p1-route.charlotte5tereoph.in.net | ClearFake payload delivery domain (confidence level: 100%)
jznccuuc.paragonbloomera.digital | ClearFake payload delivery domain (confidence level: 100%)
m9thskmy.paragonbloomera.digital | ClearFake payload delivery domain (confidence level: 100%)
nmno.cash-guys.in.net | ClearFake payload delivery domain (confidence level: 100%)
publiccrawl.cash-guys.in.net | ClearFake payload delivery domain (confidence level: 100%)
68df0.cash-guys.in.net | ClearFake payload delivery domain (confidence level: 100%)
moon0-logic.cash-guys.in.net | ClearFake payload delivery domain (confidence level: 100%)
fl0w-graph.cash-guys.in.net | ClearFake payload delivery domain (confidence level: 100%)
apbc9a.cash-guys.in.net | ClearFake payload delivery domain (confidence level: 100%)
zenspireix9.disas5embsilence.in.net | ClearFake payload delivery domain (confidence level: 100%)
merspireos7.disas5embsilence.in.net | ClearFake payload delivery domain (confidence level: 100%)
agibny9n.disas5embsilence.in.net | ClearFake payload delivery domain (confidence level: 100%)
han9l.disas5embsilence.in.net | ClearFake payload delivery domain (confidence level: 100%)
zl0dsl.disas5embsilence.in.net | ClearFake payload delivery domain (confidence level: 100%)
genelight.disas5embsilence.in.net | ClearFake payload delivery domain (confidence level: 100%)
odau.clean-sorted.in.net | ClearFake payload delivery domain (confidence level: 100%)
lwzqvms.clean-sorted.in.net | ClearFake payload delivery domain (confidence level: 100%)
lum-lineos.clean-sorted.in.net | ClearFake payload delivery domain (confidence level: 100%)
opt1c-mesh.clean-sorted.in.net | ClearFake payload delivery domain (confidence level: 100%)
bkumfd.clean-sorted.in.net | ClearFake payload delivery domain (confidence level: 100%)
arknexal2.clean-sorted.in.net | ClearFake payload delivery domain (confidence level: 100%)
gf11j.decembha1ifa.in.net | ClearFake payload delivery domain (confidence level: 100%)
repairsales.decembha1ifa.in.net | ClearFake payload delivery domain (confidence level: 100%)
9rmc.decembha1ifa.in.net | ClearFake payload delivery domain (confidence level: 100%)
harves3-spark.decembha1ifa.in.net | ClearFake payload delivery domain (confidence level: 100%)
trivenet8.decembha1ifa.in.net | ClearFake payload delivery domain (confidence level: 100%)
winterdeliv.decembha1ifa.in.net | ClearFake payload delivery domain (confidence level: 100%)
lvk5wwb.glasso-greconstruct.in.net | ClearFake payload delivery domain (confidence level: 100%)
lumtidea9.glasso-greconstruct.in.net | ClearFake payload delivery domain (confidence level: 100%)
exte-lab.glasso-greconstruct.in.net | ClearFake payload delivery domain (confidence level: 100%)
fiercepale.glasso-greconstruct.in.net | ClearFake payload delivery domain (confidence level: 100%)
scre-wes.glasso-greconstruct.in.net | ClearFake payload delivery domain (confidence level: 100%)
needlsdk.glasso-greconstruct.in.net | ClearFake payload delivery domain (confidence level: 100%)
xjmzl07n.habe7dpermanent.in.net | ClearFake payload delivery domain (confidence level: 100%)
tal-crestal.habe7dpermanent.in.net | ClearFake payload delivery domain (confidence level: 100%)
deal-mars.habe7dpermanent.in.net | ClearFake payload delivery domain (confidence level: 100%)
arkcrest5or.habe7dpermanent.in.net | ClearFake payload delivery domain (confidence level: 100%)
quormarkal8.habe7dpermanent.in.net | ClearFake payload delivery domain (confidence level: 100%)
dzokbx.habe7dpermanent.in.net | ClearFake payload delivery domain (confidence level: 100%)
cipherdepo.conferen-cesman.in.net | ClearFake payload delivery domain (confidence level: 100%)
fresh-crest.conferen-cesman.in.net | ClearFake payload delivery domain (confidence level: 100%)

Url

Value | Description
https://kurdishstudies.net/ | Unknown malware payload delivery URL (confidence level: 90%)
https://136.243.203.97 | Vidar botnet C2 (confidence level: 75%)
https://primetrace.cfd/t.js?site= | Unknown malware payload delivery URL (confidence level: 100%)
https://primetrace.cfd/t.188cfd3975db.js | Unknown malware payload delivery URL (confidence level: 100%)
https://primetrace.cfd/ext-b.8ec365dfbab5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://primetrace.cfd/ext.4ac6dedda6a5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowlink.cyou/t.js?site= | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowlink.cyou/t.188cfd3975db.js | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowlink.cyou/ext-b.8ec365dfbab5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowlink.cyou/ext.4ac6dedda6a5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://ceramicskick.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://folkunwary.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://mumbleplaything.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://scoldingspoiled.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://unlessdiscolor.icu/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://uniquelyblimp.icu/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://disallowreconfirm.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://enslaveculprit.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://managingdeceptive.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://goalharvest.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://cauterizespray.icu/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://pencilduring.icu/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
https://mymeetingnow.com | Unknown malware payload delivery URL (confidence level: 100%)
https://mymeetingnow.com/microsoft-store.html | Unknown malware payload delivery URL (confidence level: 100%)
https://mymeetingnow.com/metro/download.php | Unknown malware payload delivery URL (confidence level: 100%)
https://mymeetgooogle.com | Unknown malware payload delivery URL (confidence level: 100%)
https://mymeetgooogle.com/microsoft-store.html | Unknown malware payload delivery URL (confidence level: 100%)
https://mymeetgooogle.com/metro/download.php | Unknown malware payload delivery URL (confidence level: 100%)
http://144.31.57.65/api/nte3yjdjnwu1njyznju2yta1n2y= | SmartLoader botnet C2 (confidence level: 75%)
http://103.75.117.209:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
https://www.simontait.com.au/ | Unknown malware payload delivery URL (confidence level: 90%)
http://check.nid-log.com/api/bootservice.php | Unknown malware botnet C2 (confidence level: 100%)
https://136.243.116.58 | Vidar botnet C2 (confidence level: 75%)
https://fundsf.com/fish_ws/status | magecart payload delivery URL (confidence level: 90%)
https://fundsf.com/socket.io/?eio=4&transport=polling | magecart payload delivery URL (confidence level: 90%)
https://fundsf.com/jwiynfdy/ | magecart payload delivery URL (confidence level: 90%)
wss://fundsf.com/api/gateway/fish_ws | magecart payload delivery URL (confidence level: 90%)
https://primescan.live/t.js?site= | Unknown malware payload delivery URL (confidence level: 100%)
https://primescan.live/t.188cfd3975db.js | Unknown malware payload delivery URL (confidence level: 100%)
https://primescan.live/ext-b.8ec365dfbab5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://auto-it.com/ | Unknown malware payload delivery URL (confidence level: 90%)
https://primescan.live/ext.4ac6dedda6a5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowmetric.buzz/t.js?site= | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowmetric.buzz/t.188cfd3975db.js | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowmetric.buzz/ext-b.8ec365dfbab5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://shadowmetric.buzz/ext.4ac6dedda6a5.js | Unknown malware payload delivery URL (confidence level: 100%)
https://179.43.162.23:8509/c29db42cd4cdbbd4077/favicon.png | Rhadamanthys botnet C2 (confidence level: 100%)

Threat ID: 69dc35ea82d89c981f7953ab

Added to database: 4/13/2026, 12:16:42 AM

Last enriched: 4/13/2026, 12:16:52 AM

Last updated: 4/13/2026, 2:56:15 AM
