
ThreatFox IOCs for 2026-04-24

Medium
Published: Fri Apr 24 2026 (04/24/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-04-24

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/25/2026, 00:06:01 UTC

Technical Analysis

The data represents a set of malware-related IOCs published by ThreatFox on 2026-04-24, intended for open-source intelligence (OSINT) use. It focuses on payload delivery and network activity associated with malware threats. There are no specific vulnerable software versions or exploits documented, and no patch or remediation is applicable. The threat level and analysis scores are low to moderate, with distribution rated higher, indicating some spread or sharing of these IOCs within the community.

Potential Impact

Since this is a collection of threat intelligence indicators rather than a direct vulnerability or exploit, there is no direct impact on software or systems. The information aids defenders in identifying and mitigating potential malware infections by recognizing related network or payload activity patterns.

Mitigation Recommendations

No patch or direct remediation is applicable. Security teams should integrate these IOCs into their detection and monitoring tools to enhance threat visibility. No urgent action is required beyond standard threat intelligence consumption and operational security practices.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: a581d694-d03d-4890-9f6c-1b3ebeec7e8c
Original Timestamp: 1777075388

Indicators of Compromise

Domain

Type | Value | Description
domain | use-claude.com | IClickFix payload delivery domain (confidence level: 100%)
domain | cpanel.eastcoast-wealth.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
domain | carrolc.com | Havoc botnet C2 domain (confidence level: 90%)
domain | cwrtwright.com | Havoc botnet C2 domain (confidence level: 90%)
domain | 176.65.148.212.ptr.pfcloud.network | Mirai botnet C2 domain (confidence level: 80%)
domain | afejoed.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | analipr.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | brorgma.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | coneogz.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | driplin.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | famiszp.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | elgccyx.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | genuoei.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | leypuuq.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | obnusho.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | plitofa.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | thuqxer.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | tramoqj.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | vidtihe.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | jugbphm.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | longmbx.click | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | decrnoj.club | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | tangmwp.club | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | strikql.shop | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | ulmudhw.shop | Lumma Stealer botnet C2 domain (confidence level: 75%)
domain | fast-zeit-3.ma8nemezzan.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | noir-7.ma8nemezzan.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bachiller.uct.cl | StrelaStealer payload delivery domain (confidence level: 100%)
domain | bleu-land-1v.ma8nemezzan.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | holz-5.ma8nemezzan.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dark-star-9k.ma8nemezzan.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | vert-2.ma8nemezzan.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | soft-4z.accustom-unrecog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rouge-3.accustom-unrecog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | one.gayenk.site | StrelaStealer payload delivery domain (confidence level: 100%)
domain | dummy-tf-test-dummy-2t4navcd.example | FAKEUPDATES payload delivery domain (confidence level: 50%)
domain | dummy-tf-test-dummy-rfnsp2ni.example | KongTuke payload delivery domain (confidence level: 50%)
domain | kalt-berg-6.accustom-unrecog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | baum-w1.accustom-unrecog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | open-petit-8.accustom-unrecog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wind-5.accustom-unrecog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | gold-mond-2m.there5econd.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | haus-9.there5econd.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | apgmja.pk | StrelaStealer payload delivery domain (confidence level: 100%)
domain | cold-fire-4.there5econd.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | apmotopart.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | noir-3x.there5econd.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | app.esinfinitamentereciclable.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | wald-petit-7.there5econd.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | appraisal.ge | StrelaStealer payload delivery domain (confidence level: 100%)
domain | fast-1.there5econd.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bleu-holz-5c.after-coordinat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | zeit-8.after-coordinat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dark-land-3.after-coordinat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | berg-4k.after-coordinat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rouge-star-1.after-coordinat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | www.jejaringsumsel.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | open-6.after-coordinat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | iron-9v.melting-torrent.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | vert-2.melting-torrent.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | petit-wind-5.melting-torrent.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | gold-4m.melting-torrent.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | kalt-mond-8.melting-torrent.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | haus-1.melting-torrent.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | noir-zeit-3s.godn2strich.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-9.godn2strich.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | atmconstruct.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | holz-baum-4.godn2strich.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bleu-2x.godn2strich.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dark-open-5.godn2strich.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | auto-shopping.l0gik.com.br | StrelaStealer payload delivery domain (confidence level: 100%)
domain | land-1.godn2strich.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cold-9q.geor8eharvest.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | vert-4.geor8eharvest.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | soft-wald-2.geor8eharvest.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rouge-7v.geor8eharvest.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | petit-berg-1.geor8eharvest.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | haus-5.geor8eharvest.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | blue-holz-8.jazz-password.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | zeit-4k.jazz-password.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dark-star-6.jazz-password.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-3v.jazz-password.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | noir-land-5.jazz-password.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | gold-2.jazz-password.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wind-3p.dometo1ochy.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bleu-7.dometo1ochy.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | open-haus-4.dometo1ochy.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | kalt-9.dometo1ochy.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | petit-mond-1.dometo1ochy.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | berg-5x.dometo1ochy.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | iron-zeit-8.inject-mitroph.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rouge-4.inject-mitroph.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | wald-baum-6w.inject-mitroph.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | clang-outrag.digital | Unknown malware payload delivery domain (confidence level: 100%)
domain | soft-1.inject-mitroph.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | noir-land-3.inject-mitroph.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-7k.inject-mitroph.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | document-share-id382929992933.sisregcel.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | sku4jn.1zoravel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | my-googlemeeting.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | p1a5-watch.1zoravel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | livemeetgooogle.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | balcg.1zoravel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | mymeetinggoogle.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | mymeetingtoday.com | Unknown malware payload delivery domain (confidence level: 100%)
domain | www.wildnor.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | alt-f1eet.1zoravel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | c4st-layer.1zoravel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | azure-sharp.1zoravel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ark-forgeon.ra6ximel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | sunauth.ra6ximel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | velcrestar5.ra6ximel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | b4nd-signal.ra6ximel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | jakej.ra6ximel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | 5pru4-mark.ra6ximel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | adapt1-line.sylov4en.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | lgjov.sylov4en.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bosquedocerrado.com.br | StrelaStealer payload delivery domain (confidence level: 100%)
domain | hublistener.sylov4en.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bsblink.com.br | StrelaStealer payload delivery domain (confidence level: 100%)
domain | clucrawl.sylov4en.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | measu8-drive.sylov4en.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bursaforum.net | StrelaStealer payload delivery domain (confidence level: 100%)
domain | cloudfront-021.s3.us-west-2.amazonaws.com | Unknown malware botnet C2 domain (confidence level: 49%)
domain | domainaudit.checkmarx.cx | Unknown malware botnet C2 domain (confidence level: 49%)
domain | audit.checkmarx.cx | Unknown malware botnet C2 domain (confidence level: 49%)
domain | triggerdispatch.sylov4en.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | business.adalinki.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | cl52qlla.to9varil.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bydrealestate.com.au | StrelaStealer payload delivery domain (confidence level: 100%)
domain | processlis.to9varil.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | p4rse-forge.to9varil.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | camscocare.co.uk | StrelaStealer payload delivery domain (confidence level: 100%)
domain | canhkinhvietnhatshome.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | qc3zfzu.to9varil.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cario.gr | StrelaStealer payload delivery domain (confidence level: 100%)
domain | jsonapi.biz | Unknown malware botnet C2 domain (confidence level: 49%)
domain | jsonserv.biz | Unknown malware botnet C2 domain (confidence level: 49%)
domain | jsonserv.xyz | Unknown malware botnet C2 domain (confidence level: 49%)
domain | rs9y.to9varil.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | carrascotransportesymas.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | vinecarg.to9varil.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | carritech.dfk-ms.info | StrelaStealer payload delivery domain (confidence level: 100%)
domain | mossbra.kymle2rax.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | casadasaguas.ufes.br | StrelaStealer payload delivery domain (confidence level: 100%)
domain | rjhmik2i.kymle2rax.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | cats-gion-kyoto.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | lw92.kymle2rax.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dynforgeal.kymle2rax.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | igix.kymle2rax.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ajvo1s.po7vaxel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | jch52q.po7vaxel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | tricoreos5.po7vaxel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | loadermin.wi3sorin.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | st80et3.wi3sorin.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | talspireos.wi3sorin.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | planodeescala.com.br | StrelaStealer payload delivery domain (confidence level: 100%)
domain | ku193bt.wi3sorin.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fallbasic.wi3sorin.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pastusout.wi3sorin.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | d34l-node.po7vaxel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pixobs.po7vaxel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | docyl.po7vaxel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | meta-b4rk.9zorexal.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | geo-1atti.9zorexal.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | conferencia.misau.gov.mz | StrelaStealer payload delivery domain (confidence level: 100%)
domain | cascad5-cache.9zorexal.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | scriptruntime.9zorexal.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hmhfs.9zorexal.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ultra-g0ld.9zorexal.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ungljmv.qi4mavel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | shipdat.qi4mavel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | vellith4en.qi4mavel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | otter0-array.qi4mavel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | electrum.gr.com | Unknown Stealer payload delivery domain (confidence level: 100%)
domain | nzsrghd.qi4mavel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | reed-pla.qi4mavel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ihsk.de8xamel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | talnex4on.de8xamel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | nhmud1dx.de8xamel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | c0ol6-field.de8xamel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | 33prnco.de8xamel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hkez.de8xamel.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | anciesto.boa7dswim.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | broad4-grid.boa7dswim.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | emroz.boa7dswim.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fleequot.boa7dswim.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | ten5or-point.boa7dswim.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pthq.boa7dswim.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | sandboxrev.blockad-creak.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | courwind.blockad-creak.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | bis.dutraloc.com.br | Vidar botnet C2 domain (confidence level: 100%)
domain | bis.flise-mesteren.dk | Vidar botnet C2 domain (confidence level: 100%)
domain | grmj9oyb.blockad-creak.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | profit-guide.blockad-creak.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | zenfluxum.blockad-creak.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | lummarkar5.blockad-creak.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | catalogue2020.artissima.it | StrelaStealer payload delivery domain (confidence level: 100%)
domain | rrdfp.extrav5achkovit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | kelmeshos7.extrav5achkovit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | supplyalpha.extrav5achkovit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | images.california-wealth.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
domain | geo-byt3.extrav5achkovit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | gv6cwq.extrav5achkovit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | netw0r4-panel.extrav5achkovit.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | partnertra.foam-take.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hegmaen.com | KongTuke payload delivery domain (confidence level: 100%)
domain | 86hg23aljj9.com | KongTuke payload delivery domain (confidence level: 100%)
domain | sol-coreis.foam-take.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | newproject-newworld.info | SantaStealer botnet C2 domain (confidence level: 100%)
domain | msnf.us.com | Unknown malware payload delivery domain (confidence level: 75%)
domain | silent-harvester.cc | Unknown malware botnet C2 domain (confidence level: 100%)
domain | valleymount.foam-take.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | falconshift.foam-take.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | innercoupon.foam-take.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | arkvale6os.foam-take.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | psy.dutraloc.com.br | Vidar botnet C2 domain (confidence level: 75%)
domain | psy.flise-mesteren.dk | Vidar botnet C2 domain (confidence level: 75%)
domain | tonecalm.clo5etterebeat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dev.eumeca.ro | StrelaStealer payload delivery domain (confidence level: 100%)
domain | labelparc.clo5etterebeat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dev.guildfaith.ro | StrelaStealer payload delivery domain (confidence level: 100%)
domain | dev.tech360group.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | 3df7.clo5etterebeat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dev.www.mas10.ar | StrelaStealer payload delivery domain (confidence level: 100%)
domain | denseink.clo5etterebeat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | zenvale2on.clo5etterebeat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | moraltin.clo5etterebeat.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | draftroya.acquisit-batper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | directionchurchtx.dioramtech.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | sipzix.acquisit-batper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | directiontraining.com.au | StrelaStealer payload delivery domain (confidence level: 100%)
domain | f0rrn4-logic.acquisit-batper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dkmtravels.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | tracfiel.acquisit-batper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | doctoracristinachacon.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | 8cq295yx.acquisit-batper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | beautylizz.com.br | StrelaStealer payload delivery domain (confidence level: 100%)
domain | meta-irnpor.acquisit-batper.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | dominguezyasociados.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | switoken.drumf1esh.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | urbanscarle.drumf1esh.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | memofreigh.drumf1esh.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | downtownladentalcare.yoursmarthost.net | StrelaStealer payload delivery domain (confidence level: 100%)
domain | secu-line.drumf1esh.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | duandep.vn | StrelaStealer payload delivery domain (confidence level: 100%)
domain | duocphamhd.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | easysoundhealing.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | gu1de-signal.drumf1esh.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | eau-services.org | StrelaStealer payload delivery domain (confidence level: 100%)
domain | p82lmc.drumf1esh.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | edyunay.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | dynamo.it.com | Quasar RAT botnet C2 domain (confidence level: 75%)
domain | wttppq.uk.com | Quasar RAT botnet C2 domain (confidence level: 75%)
domain | arkdraos4.histori-pneumonia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | hiddqueue.histori-pneumonia.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | musglcb.pitifrube1la.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | talfluxor3.pitifrube1la.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | jzojka.pitifrube1la.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | english-studies.net | StrelaStealer payload delivery domain (confidence level: 100%)
domain | 51lent-route.pitifrube1la.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | pine2-branch.arapnik-nosog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | p4rt3-lab.arapnik-nosog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | va11dat-spark.arapnik-nosog.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | zeit-2k.limbe7revolut.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | rouge-mond-7.limbe7revolut.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-5.limbe7revolut.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | gold-wald-1v.limbe7revolut.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | open-land-3x.presidium-spike.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | vert-9.presidium-spike.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | kalt-2c.presidium-spike.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | soft-4.presidium-spike.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | blue-mond-1m.dua1ismmatron.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | haus-7.dua1ismmatron.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | iron-star-3.dua1ismmatron.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | zeit-land-8v.dua1ismmatron.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | fast-2.dua1ismmatron.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | gold-fire-9w.fixt-turbine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | soft-6.fixt-turbine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | petit-wald-7k.fixt-turbine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | open-1.fixt-turbine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | noir-land-5s.ales1ine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | impactunified.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | info.usdatacorporation.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | kalt-4.ales1ine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | blue-star-2m.ales1ine.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | iptvb1g.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | iron-mond-7x.archit-physiol.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | italianmedtranslations.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | jademountains.net | StrelaStealer payload delivery domain (confidence level: 100%)
domain | bleu-1.archit-physiol.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | juelsminde-tennisklub.dk | StrelaStealer payload delivery domain (confidence level: 100%)
domain | jovilodge.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | kampoenghijau.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | keeninfocomm.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | dark-star-3v.slanikt7ay.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | keliahealthcare.co.uk | StrelaStealer payload delivery domain (confidence level: 100%)
domain | khalsacarbazar.com | StrelaStealer payload delivery domain (confidence level: 100%)
domain | petit-land-1.slanikt7ay.in.net | ClearFake payload delivery domain (confidence level: 100%)
domain | klik7tv.co.id | StrelaStealer payload delivery domain (confidence level: 100%)

Url

Type | Value | Description
url | https://use-claude.com/install.ps1 | Unknown Loader payload delivery URL (confidence level: 100%)
url | https://dhnsdns.beer/api/index.php | Unknown malware payload delivery URL (confidence level: 75%)
url | https://dhnsdns.beer/api/7z.exe | Unknown malware payload delivery URL (confidence level: 75%)
url | http://206.82.6.110:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
url | https://awgwindowcleaning.com/ | Vidar payload delivery URL (confidence level: 75%)
url | https://dominion.pk/ | Vidar payload delivery URL (confidence level: 75%)
url | https://claude-desktop.gitlab.io/dev/ | Unknown malware payload delivery URL (confidence level: 100%)
url | https://clang-outrag.digital/script.sh | Unknown malware payload delivery URL (confidence level: 100%)
url | https://www.document-share-id382929992933.sisregcel.com | Unknown malware payload delivery URL (confidence level: 100%)
url | http://172.94.9.44/2.txt | Unknown malware payload delivery URL (confidence level: 100%)
url | http://172.94.9.44/1.txt | Unknown malware payload delivery URL (confidence level: 100%)
url | http://172.94.9.44/build.exe | Unknown malware payload delivery URL (confidence level: 100%)
url | http://172.94.9.44/build2.exe | Unknown malware payload delivery URL (confidence level: 100%)
url | https://my-googlemeeting.com/microsoft-store.html | Unknown malware payload delivery URL (confidence level: 100%)
url | https://my-googlemeeting.com/download.php | Unknown malware payload delivery URL (confidence level: 100%)
url | https://livemeetgooogle.com/microsoft-store.html | Unknown malware payload delivery URL (confidence level: 100%)
url | https://livemeetgooogle.com/metro/download.php | Unknown malware payload delivery URL (confidence level: 100%)
url | https://mymeetinggoogle.com/microsoft-store.html | Unknown malware payload delivery URL (confidence level: 100%)
url | https://mymeetinggoogle.com/download.php | Unknown malware payload delivery URL (confidence level: 100%)
url | https://mymeetingtoday.com/microsoft-store.html | Unknown malware payload delivery URL (confidence level: 100%)
url | https://mymeetingtoday.com/download.php | Unknown malware payload delivery URL (confidence level: 100%)
url | https://185.56.45.50/ | Vidar botnet C2 (confidence level: 100%)
url | https://178.104.213.40/ | Vidar botnet C2 (confidence level: 100%)
url | https://185.56.45.79/ | Vidar botnet C2 (confidence level: 100%)
url | https://178.105.3.9/ | Vidar botnet C2 (confidence level: 100%)
url | https://178.105.15.180/ | Vidar botnet C2 (confidence level: 100%)
url | https://api.github.com/search/commits?q=longlivetheresistanceagainstmachines | Shai-Hulud botnet C2 (confidence level: 49%)
url | https://audit.checkmarx.cx/v1/telemetry | Unknown malware botnet C2 (confidence level: 49%)
url | https://api.github.com/search/commits?q=beautifulcastle | Unknown malware botnet C2 (confidence level: 49%)
url | https://wilconetworks.net/demo/wp-content/plugins/responsive-countdown/lib/tls/ | PureRAT payload delivery URL (confidence level: 100%)
url | https://office-lexware.org/de/ | PureRAT payload delivery URL (confidence level: 100%)
url | https://office-lexware.org/de/download.php | PureRAT payload delivery URL (confidence level: 100%)
url | https://bis.dutraloc.com.br/ | Vidar botnet C2 (confidence level: 100%)
url | https://bis.flise-mesteren.dk/ | Vidar botnet C2 (confidence level: 100%)
url | http://cf396743.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%)
url | https://hegmaen.com/file.js | KongTuke payload delivery URL (confidence level: 100%)
url | https://hegmaen.com/t | KongTuke payload delivery URL (confidence level: 100%)
url | https://hegmaen.com/g | KongTuke payload delivery URL (confidence level: 100%)
url | https://hegmaen.com/c | KongTuke payload delivery URL (confidence level: 100%)
url | https://86hg23aljj9.com/d | KongTuke payload delivery URL (confidence level: 100%)
url | http://msnf.us.com/simpletokncar | Unknown malware payload delivery URL (confidence level: 75%)
url | http://msnf.us.com/userid48236957 | Unknown malware payload delivery URL (confidence level: 75%)
url | https://cmfilms.it/ | Vidar payload delivery URL (confidence level: 75%)
url | https://lavie-spa.com/ | Vidar payload delivery URL (confidence level: 75%)
url | https://psy.dutraloc.com.br/ | Vidar botnet C2 (confidence level: 75%)
url | https://psy.flise-mesteren.dk/ | Vidar botnet C2 (confidence level: 75%)
url | https://cuttingedgeslicers.com/ | Vidar payload delivery URL (confidence level: 75%)
url | https://smashclubburgers.com/ | Vidar payload delivery URL (confidence level: 75%)
url | https://mundialpostos.com.br/ | Vidar payload delivery URL (confidence level: 75%)
url | https://soareintl.com/ | Vidar payload delivery URL (confidence level: 75%)
url | https://pliage.ru/ | Vidar payload delivery URL (confidence level: 75%)
url | http://cj597826.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%)
url | https://amphibgz.cyou | Lumma Stealer botnet C2 (confidence level: 75%)

File


Hash


Threat ID: 69ec056387115cfb68817142

Added to database: 4/25/2026, 12:05:55 AM

Last enriched: 4/25/2026, 12:06:01 AM

Last updated: 4/25/2026, 5:44:50 AM
