
ThreatFox IOCs for 2026-04-13

0
Medium
Published: Mon Apr 13 2026 (04/13/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-04-13

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/14/2026, 00:17:09 UTC

Technical Analysis

The report details ThreatFox IOCs for malware observed on 2026-04-13, focusing on OSINT-related payload delivery and network activity. It lacks specific affected software versions or exploit details. The threat level is moderate, with no known active exploitation or available patches. The data primarily serves as intelligence for detection rather than describing a distinct vulnerability or exploit.

Potential Impact

The impact is assessed as medium severity based on the provided rating, but no direct exploitation or damage details are available. There are no known exploits in the wild, and no affected software versions are specified, indicating limited immediate risk.

Mitigation Recommendations

No patch or official remediation is available for this threat. Since it is an OSINT report of IOCs without specific actionable fixes, defenders should incorporate these IOCs into detection and monitoring tools as appropriate. No urgent remediation actions are indicated.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: c5275193-0cad-453e-854c-cea6e0e2df62
Original Timestamp: 1776124987

Indicators of Compromise

Url


File


Hash


Domain

ClearFake payload delivery domain (confidence level: 100%)
domainscanmodel.onepal-liat.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnordraex4.onepal-liat.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbasicmas.onepal-liat.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainwceemv.oguzok7ye.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintalspireis4.oguzok7ye.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsmar-disc.oguzok7ye.in.net
ClearFake payload delivery domain (confidence level: 100%)
domain704swp.oguzok7ye.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainrgwr.sa.com
XWorm botnet C2 domain (confidence level: 100%)
domainopportification.jp.net
XWorm botnet C2 domain (confidence level: 100%)
domainrankingly.in.net
XWorm botnet C2 domain (confidence level: 100%)
domaininfinitynyou.in.net
XWorm botnet C2 domain (confidence level: 100%)
domain3ndp1-reach.oguzok7ye.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainharpygt-58891.portmap.host
Quasar RAT botnet C2 domain (confidence level: 100%)
domainhaircutmenfrederickmd.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainrobotics.cn.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainbj88jpn.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domaingrn.uk.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainedg3d.io
Quasar RAT botnet C2 domain (confidence level: 100%)
domain35prosnowmeprona.za.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domain46asharp-reviews.ru.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainxoilaczzzzb.tv
Quasar RAT botnet C2 domain (confidence level: 100%)
domainmalware.xoilaczzzzb.tv
Quasar RAT botnet C2 domain (confidence level: 100%)
domainutopiamusic.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainmalware.utopiamusic.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domaindispercentern.us.org
Quasar RAT botnet C2 domain (confidence level: 100%)
domain7mcn.capital
Quasar RAT botnet C2 domain (confidence level: 100%)
domainkobe-market.it.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domaineasturban.oguzok7ye.in.net
ClearFake payload delivery domain (confidence level: 100%)
domain5urv-pulse.multip-lway.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaing0lden4-mark.multip-lway.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingarde-rave.multip-lway.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainhyper-pr1v.multip-lway.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincaveazure.multip-lway.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsoftcamp.multip-lway.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsercrestar.chuv2shfile.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainkawjhm.chuv2shfile.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainp3ak-path.chuv2shfile.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainvendorwhole.chuv2shfile.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainfafitgz.chuv2shfile.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbv9fw.chuv2shfile.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpsnwbo.ditch-obscene.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainguafux.ditch-obscene.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainalt-5ynta.ditch-obscene.in.net
ClearFake payload delivery domain (confidence level: 100%)
domain3zpnkdk.ditch-obscene.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainshif-well.ditch-obscene.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainjzdq.ditch-obscene.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainequitysail.inform2tunleaven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindirmod.inform2tunleaven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbhbl.inform2tunleaven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainkel-fluxis.inform2tunleaven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainectenian0se.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainpopsiclestudent.digital
Unknown malware payload delivery domain (confidence level: 100%)
domaincommun1onsouf.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainscre-dust.inform2tunleaven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainfree5tytokova.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainsky1ine.digital
Unknown malware payload delivery domain (confidence level: 100%)
domainresilientlimb.icu
Unknown malware payload delivery domain (confidence level: 100%)
domainfernoak.inform2tunleaven.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaincouponfir.kazan-saddle.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaintyvp2rya.kazan-saddle.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainqhl.sequareeus.online
Vidar botnet C2 domain (confidence level: 100%)
domainqhl.biolinks.com.br
Vidar botnet C2 domain (confidence level: 100%)
domainwsp.sequareeus.online
Vidar botnet C2 domain (confidence level: 100%)
domainwsp.biolinks.com.br
Vidar botnet C2 domain (confidence level: 100%)
domainstitch-spool.kazan-saddle.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnvgsw.kazan-saddle.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsxraqpxxbu8fx4rog2rq7a==
XWorm botnet C2 domain (confidence level: 75%)
domainzmxa.kazan-saddle.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainneo-c0upon.kazan-saddle.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmon1-check.xelvarinox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainjvcwyjt1.latat-long.digital
ClearFake payload delivery domain (confidence level: 100%)
domainef8qorio.latat-long.digital
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-route.xelvarinox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-core.xelvarinox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpersaniusdimonica8.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainpod4-sync.xelvarinox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-mesh.xelvarinox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainphiladelphiajewelrystore.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainmteaagent.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainligthagent.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainorcaleagent.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domaingate6-hub.xelvarinox.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainpacificcoast3pl.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainbureai.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainupscaleaquatics.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainlnuaagent.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainmastreagent.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domaineth1-link.pra6lixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainthejacksonhouse.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainvastcoins.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainpurchaseesim.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainapi2-push.pra6lixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainoclemonlawyers.com
Unknown Stealer botnet C2 domain (confidence level: 100%)
domainhexesq.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainnavalc.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainshootr.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpashtu.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintactip.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainionicj.cyou
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainnode3-soft.pra6lixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainflocompsrep.com
AdaptixC2 botnet C2 domain (confidence level: 100%)
domainjob4-task.pra6lixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainmail.vapeauroz.com
AdaptixC2 botnet C2 domain (confidence level: 100%)
domainsvc5-flow.pra6lixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-main.pra6lixon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainbox1-state.drumavex.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-call.drumavex.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-fast.drumavex.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaindb4-store.drumavex.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-ready.drumavex.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-zone.drumavex.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainset1-init.vo2xeral.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-meta.vo2xeral.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-blob.vo2xeral.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingit4-repo.vo2xeral.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-info.vo2xeral.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-way.vo2xeral.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainlog1-audit.krinaxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainapi2-test.krinaxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainnode3-join.krinaxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainauth4-key.krinaxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domainsvc5-site.krinaxon.in.net
ClearFake payload delivery domain (confidence level: 100%)
domaingate6-root.krinaxon.in.net
ClearFake payload delivery domain (confidence level: 100%)

Threat ID: 69dd876a82d89c981f91c0fa

Added to database: 4/14/2026, 12:16:42 AM

Last enriched: 4/14/2026, 12:17:09 AM

Last updated: 4/14/2026, 8:01:27 AM
