
ThreatFox IOCs for 2026-04-29

Medium
Published: Wed Apr 29 2026 (04/29/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-04-29

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/30/2026, 00:06:21 UTC

Technical Analysis

This entry is a collection of malware-related IOCs published on 2026-04-29 by ThreatFox, an OSINT source. It is classified as malware with a medium severity level and covers payload-delivery and network-activity indicators. No specific software versions are affected, and no known exploits or patches exist. The technical details show moderate threat and distribution levels but limited analysis depth. The information serves situational awareness and threat-intelligence enrichment rather than immediate incident response.

Potential Impact

The impact is currently limited: no exploits in the wild are known and no affected product versions are listed. The medium severity indicates potential risk should these IOCs be used in attacks, but the provided data documents no direct exploitation or damage.

Mitigation Recommendations

Because this is an OSINT feed of indicators rather than a vulnerability in a product, no patches or official fixes apply. Organizations should integrate the indicators into their detection and monitoring systems as appropriate, taking into account the confidence level the feed attaches to each entry. The current information does not indicate any urgent remediation actions.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
0b5a5e5d-2713-4b54-bf7b-0e1632ebaa24
Original Timestamp
1777507412

Indicators of Compromise

Domain


Url


File

Type | Value | Description
file | 70.34.205.43 | Unknown malware botnet C2 server (confidence level: 80%)
file | 172.235.163.133 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.86 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.98 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.113 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.71 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.127 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.114 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.83 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.122 | Kimwolf botnet C2 server (confidence level: 100%)
file | 172.235.163.102 | Kimwolf botnet C2 server (confidence level: 100%)
file | 176.65.139.152 | Mirai botnet C2 server (confidence level: 80%)
file | 104.248.85.23 | Kimwolf botnet C2 server (confidence level: 100%)
file | 142.93.143.216 | Kimwolf botnet C2 server (confidence level: 100%)
file | 64.225.66.108 | Kimwolf botnet C2 server (confidence level: 100%)
file | 91.92.243.111 | RemoteAdmin botnet C2 server (confidence level: 100%)
file | 176.65.139.59 | Mirai botnet C2 server (confidence level: 80%)
file | 86.54.24.26 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 156.245.147.101 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 46.137.196.122 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 170.75.170.59 | Unknown malware botnet C2 server (confidence level: 75%)
file | 170.75.162.74 | Unknown malware botnet C2 server (confidence level: 75%)
file | 206.166.251.249 | DarkComet botnet C2 server (confidence level: 50%)
file | 94.156.155.42 | Stealc botnet C2 server (confidence level: 75%)
file | 151.246.238.186 | SectopRAT botnet C2 server (confidence level: 75%)
file | 185.158.250.188 | Socks5 Systemz botnet C2 server (confidence level: 50%)
file | 31.57.38.106 | Remcos botnet C2 server (confidence level: 75%)
file | 31.56.209.119 | Remcos botnet C2 server (confidence level: 75%)
file | 154.41.194.67 | Xtreme RAT botnet C2 server (confidence level: 75%)
file | 48.220.32.238 | NjRAT botnet C2 server (confidence level: 100%)
file | 193.181.46.11 | Vjw0rm botnet C2 server (confidence level: 100%)
file | 8.136.155.237 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 47.122.147.35 | Cobalt Strike botnet C2 server (confidence level: 100%)
file | 79.124.59.142 | Lumma Stealer payload delivery server (confidence level: 100%)
file | 47.109.20.107 | Cobalt Strike botnet C2 server (confidence level: 75%)
file | 117.50.71.2 | ValleyRAT botnet C2 server (confidence level: 75%)
file | 100.113.210.8 | Cobalt Strike botnet C2 server (confidence level: 75%)
file | 156.245.147.98 | Cobalt Strike botnet C2 server (confidence level: 75%)
file | 217.154.212.25 | Cobalt Strike botnet C2 server (confidence level: 75%)
file | 46.137.196.122 | Cobalt Strike botnet C2 server (confidence level: 75%)
file | 82.156.62.131 | Cobalt Strike botnet C2 server (confidence level: 75%)
file | 45.9.168.219 | Remcos botnet C2 server (confidence level: 75%)
file | 103.140.238.45 | Sliver botnet C2 server (confidence level: 75%)
file | 152.53.103.201 | Sliver botnet C2 server (confidence level: 75%)
file | 104.168.70.158 | Remcos botnet C2 server (confidence level: 75%)
file | 104.168.70.158 | Remcos botnet C2 server (confidence level: 75%)

Hash

Type | Value | Description
hash | 443 | Unknown malware botnet C2 server (confidence level: 80%)
hash | 45c8cbaeb5c7708e7b8030e701747c65203958e82eddc41f39e0ca93bd36c114 | Unknown malware payload (confidence level: 85%)
hash | 2b8d4f042daf703b7f152d146bfc892500f436279b0d1866995735998f267af0 | Unknown malware payload (confidence level: 85%)
hash | d2e1ab10d5a0c16a724aeda8acb46b38f551ade58137969c3bc3c9cdc0a12425 | Unknown malware payload (confidence level: 85%)
hash | 75961f1208581c5154324ebe12f01673248374f3aa67317fe79a06fcd2fb9da5 | Unknown malware payload (confidence level: 80%)
hash | b450e893aafd94f2a81e2b70047e6d2faf20cf4056d39cfc17b69ee78912f8b2 | Unknown malware payload (confidence level: 80%)
hash | 10d1c6165f86237950eaff9c19e87eaa3eb5045afedcc7e4db5ba1188e3911fe | Unknown malware payload (confidence level: 80%)
hash | ba041a2dcf88f9ba5e4f9dd0f6e39679f394e6b1d97c6ee765bace9dad247317 | Unknown malware payload (confidence level: 80%)
hash | 0ea172359ddfe89be701d8f80acb4f179ca56af2a214a46a2843367e7b05aa16 | Unknown malware payload (confidence level: 80%)
hash | b7b9d77c527e8c2588bfd5bcc573167bb6e83b68250b009aaa68dcd3ed0a21de | Unknown malware payload (confidence level: 80%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 7716 | Mirai botnet C2 server (confidence level: 80%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 25001 | Kimwolf botnet C2 server (confidence level: 100%)
hash | 8041 | RemoteAdmin botnet C2 server (confidence level: 100%)
hash | 3000 | Mirai botnet C2 server (confidence level: 80%)
hash | 4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 9010 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 443 | Unknown malware botnet C2 server (confidence level: 75%)
hash | 443 | Unknown malware botnet C2 server (confidence level: 75%)
hash | 1604 | DarkComet botnet C2 server (confidence level: 50%)
hash | 80 | Stealc botnet C2 server (confidence level: 75%)
hash | 9000 | SectopRAT botnet C2 server (confidence level: 75%)
hash | 80 | Socks5 Systemz botnet C2 server (confidence level: 50%)
hash | 443 | Remcos botnet C2 server (confidence level: 75%)
hash | 443 | Remcos botnet C2 server (confidence level: 75%)
hash | 6379 | Xtreme RAT botnet C2 server (confidence level: 75%)
hash | 1177 | NjRAT botnet C2 server (confidence level: 100%)
hash | 8000 | Vjw0rm botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Lumma Stealer payload delivery server (confidence level: 100%)
hash | 5cb088f8471cad861d18e64c9cf2b692236813e982fb04ab9283f4cf7b5ee11f | ContagiousDrop payload (confidence level: 100%)
hash | 5c11e97aaa968cd1d654512f473a26fa7387cb1a2f5a0cb17a96175e28fd6359 | ContagiousDrop payload (confidence level: 100%)
hash | 1c1f3fcd2a0dde248f4d4060a2b1067e46377ab192a09c02a4f6a798a273ad1d | ContagiousDrop payload (confidence level: 100%)
hash | 5dd771ee7565f3bc7b66af82102a9408caca6039794807fc52bd2b671bae4e8c | ContagiousDrop payload (confidence level: 100%)
hash | 8a9f86b08e4ebca7c627ef45a9fbc98a25565e3dd581218800a9e1db4a89264b | ContagiousDrop payload (confidence level: 100%)
hash | d8ef1fc9bc5a8eb55d1e34ea48ffc221d8f6e8c29b712c3dbf1e4e6dde43fe23 | ContagiousDrop payload (confidence level: 100%)
hash | b8dd2e60a096daff498d77c01f24b7760e2b23385089f02759b8fa6c5be371e5 | ContagiousDrop payload (confidence level: 100%)
hash | 773ece9712b6b329273710fe39df5847cc2537c2ce22ae291c9de995ce0c1a84 | ContagiousDrop payload (confidence level: 100%)
hash | 363b03a66ccf5d6f8e1632ee33dd37d6e8c4998ac00c8b7d60edcfb6b1dac505 | ContagiousDrop payload (confidence level: 100%)
hash | a5ddfa8f2127e6f89278d7bff4cc7dec5249b284a2b9512406bdd265a4ab75ca | ContagiousDrop payload (confidence level: 100%)
hash | 5f70dd06715b95b3bedacd06a37e051611901e56246af05fa3ed9f734082de43 | ContagiousDrop payload (confidence level: 100%)
hash | a7cd162c691ad71a4c0c5955765d8f7a60d8b7b9a92b277b1ae74b280644cdf8 | ContagiousDrop payload (confidence level: 100%)
hash | ceff282f32aae9ce3dea6a9b00212e6de90669646180cb5e5bb6bf5353527bbd | ContagiousDrop payload (confidence level: 100%)
hash | 22d5d04000915603c7f144fde8e31b451fb814588b5f18bb4840c8ddf14793f3 | ContagiousDrop payload (confidence level: 100%)
hash | 9d777720bafc548807a94ae67489baf2342c78fcb3d469032523ea2f94973d54 | ContagiousDrop payload (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | cc9e443872d99b07e4bf5f6baa6144fbe0fd24bc610e58340d9b8c755df17fce | BeaverTail payload (confidence level: 100%)
hash | b6987d7732888b73a836c7320fbdc0c0fe5d1238584be66f68371481dc3667ab | BeaverTail payload (confidence level: 100%)
hash | a9d46f61cf10a1fa83560bd68b077bbc1a149bfc6aad7a237b5d2244a7240c02 | Unknown malware payload (confidence level: 90%)
hash | b0c9c8c3a10b966873e8cb54b9aa07d0c0e07520b6cf2f23ed790a6eb4c0ea45 | Unknown malware payload (confidence level: 85%)
hash | 6666 | ValleyRAT botnet C2 server (confidence level: 75%)
hash | 8081 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 9010 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 8081 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 8000 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 2404 | Remcos botnet C2 server (confidence level: 75%)
hash | 31337 | Sliver botnet C2 server (confidence level: 75%)
hash | 31337 | Sliver botnet C2 server (confidence level: 75%)
hash | 2404 | Remcos botnet C2 server (confidence level: 75%)
hash | 5000 | Remcos botnet C2 server (confidence level: 75%)

Threat ID: 69f29cf6cbff5d86105a0943

Added to database: 4/30/2026, 12:06:14 AM

Last enriched: 4/30/2026, 12:06:21 AM

Last updated: 4/30/2026, 3:49:26 AM
