
ThreatFox IOCs for 2026-04-25

Severity: Medium
Published: Sat Apr 25 2026 (04/25/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-04-25

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/26/2026, 00:06:00 UTC

Technical Analysis

The ThreatFox IOCs dated 2026-04-25 describe malware-related threat intelligence focused on OSINT and network-based payload delivery. The data lacks specific affected software versions and detailed exploit information. The threat is assessed at medium severity with a threat level of 2, indicating moderate concern; no active exploitation is reported and no patch applies. The report serves primarily as situational awareness rather than as a vulnerability or exploit advisory.

Potential Impact

The impact is currently limited to awareness of potential malware activity; no exploitation is confirmed and no specific product is reported as vulnerable. With no active exploits or affected versions reported, there is no immediate operational impact that would require urgent patching or mitigation.

Mitigation Recommendations

No patch is available for this threat. Since no specific vulnerabilities or exploits are identified, no targeted remediation actions can be recommended. Security teams should incorporate these IOCs into their detection and monitoring tools as part of routine threat intelligence updates. Each indicator in the feed carries a confidence level; lower-confidence entries are better suited to alerting and analyst review than to automatic blocking.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: 7641566d-bd4d-48be-9c2a-87dbbe323fbe
Original Timestamp: 1777161786

Indicators of Compromise

Domain

Url
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://dig-circling.digital/script.sh
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://kakaduthr2sh.digital/script.sh
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://taranta-blow.digital/script.sh
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://openclaws.it.com
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://91.199.133.178/u/setup.exe
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://doc-docsign.cyou/edocusign.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://doc-docsign.cyou/e-sign.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://doc-docsign.cyou/download.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://www.viewsession.live/e-sign.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://www.viewsession.live/download.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://usoffweb69.top/doc/e-sign.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://usoffweb69.top/doc/download.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://doc.lauraice.xyz/index.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://doc.lauraice.xyz/index.php/update.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://doc.lauraice.xyz/update.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://doc.lauraice.xyz/process.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://jugbphm.click/user
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://www.docusign.my.googlejoininvite.click/edocusign.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://www.docusign.my.googlejoininvite.click/e-sign.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://www.docusign.my.googlejoininvite.click/download.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://meetingisliveatgooglemeett.top/windows/
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://meetingisliveatgooglemeett.top/windows/microsoft-store.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://zoomlive.us/windows/invite.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://zoomlive.us/windows/zoomworkspace.bat
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://pixeldrain.com/api/file/tv7mrype
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://zoommcall.com/windows/invite.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://zoommcall.com/windows/microsoft-store.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://zoommcall.com/windows/download.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttp://zoommcall.com/windows/install-guide.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://quickbase-assist.com/windows/statement.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://quickbase-assist.com/windows/viewpdf.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://quickbase-assist.com/windows/download.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://ivangay.bond/cf.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://ivangay.bond/api/index.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://ivangay.bond/log.php
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://quilborne.org/file.js
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://quilborne.org/t
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://quilborne.org/g
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://quilborne.org/c
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://connectweb.chat/verify.html
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://connectweb.chat/secure.msi
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://pulsegraph.xyz/t.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://pulsegraph.xyz/ext-b.58316c304236.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://pulsegraph.xyz/ext.0ff2555835d3.js
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://pulsegraph.xyz/t.188cfd3975db.js
Unknown malware payload delivery URL (confidence level: 100%)

IP:port

Type | Value | Description
ip:port | 176.65.139.59:1337 | Mirai botnet C2 server (confidence level: 80%)
ip:port | 144.31.215.205:443 | Unknown malware botnet C2 server (confidence level: 85%)
ip:port | 198.251.88.136:443 | Unknown malware botnet C2 server (confidence level: 80%)
ip:port | 176.65.139.141:1024 | Mirai botnet C2 server (confidence level: 80%)
ip:port | 172.67.208.215:443 | Nanocore RAT botnet C2 server (confidence level: 100%)
ip:port | 172.67.159.51:443 | Nanocore RAT botnet C2 server (confidence level: 100%)
ip:port | 104.21.9.66:443 | Nanocore RAT botnet C2 server (confidence level: 100%)
ip:port | 149.12.67.231:139 | Xtreme RAT botnet C2 server (confidence level: 100%)
ip:port | 119.167.191.229:10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
ip:port | 151.241.88.172:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 91.92.242.228:443 | Remcos botnet C2 server (confidence level: 75%)
ip:port | 83.142.209.58:8081 | Remcos botnet C2 server (confidence level: 75%)
ip:port | 173.211.46.145:9000 | SectopRAT botnet C2 server (confidence level: 75%)
ip:port | 124.222.75.188:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 80.78.30.153:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 107.189.17.214:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 8.136.97.98:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 39.97.233.222:7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 47.94.167.171:7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
ip:port | 206.238.115.191:10086 | Ghost RAT botnet C2 server (confidence level: 75%)
ip:port | 163.61.183.112:9999 | Quasar RAT botnet C2 server (confidence level: 75%)
ip:port | 91.92.241.102:443 | SectopRAT botnet C2 server (confidence level: 75%)
ip:port | 35.184.9.17:443 | MetaStealer botnet C2 server (confidence level: 75%)
ip:port | 193.161.193.99:51453 | Quasar RAT botnet C2 server (confidence level: 75%)
ip:port | 156.239.14.132:6667 | ValleyRAT botnet C2 server (confidence level: 75%)
ip:port | 156.239.14.132:6668 | ValleyRAT botnet C2 server (confidence level: 75%)
ip:port | 65.19.178.79:4782 | Quasar RAT botnet C2 server (confidence level: 75%)
ip:port | 87.106.168.15:7004 | XWorm botnet C2 server (confidence level: 75%)

Hash

Type | Value | Description
sha256 | 0642708ec7c25dec3168f1ab275a29bfd3cf69fe3afc3d5c6eadfa6750102883 | Unknown malware payload (confidence level: 100%)
sha256 | d942e9cfc0ca32a3d66ec690090ee22dca74953efed6889fb2292de36f5e39fd | Unknown malware payload (confidence level: 100%)

Threat ID: 69ed56e387115cfb6859f41c

Added to database: 4/26/2026, 12:05:55 AM

Last enriched: 4/26/2026, 12:06:00 AM

Last updated: 4/26/2026, 8:14:13 AM
