
ThreatFox IOCs for 2026-05-11

0
Medium
Published: Mon May 11 2026 (05/11/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-05-11

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/12/2026, 00:36:23 UTC

Technical Analysis

The ThreatFox IOCs for 2026-05-11 represent a collection of open-source intelligence indicators related to malware and associated network activity. These IOCs serve as threat intelligence for detection and analysis but do not correspond to a specific vulnerability or exploit. No affected software versions or patches are noted, and no active exploitation has been reported. The threat level and distribution metrics suggest moderate concern but limited immediate impact.

Potential Impact

The impact is limited to the presence of malware-related indicators useful for detection and analysis. There is no evidence of active exploitation or direct compromise of specific software versions. The threat intelligence can aid defenders in identifying potential malicious activity but does not indicate a newly discovered vulnerability or critical risk.

Mitigation Recommendations

No patch or official remediation is available or required as this is an intelligence feed providing IOCs rather than a vulnerability. Security teams should incorporate these IOCs into their detection and monitoring tools as appropriate. No urgent action beyond standard threat intelligence consumption is indicated.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: 409e9bd7-56d7-47f5-93bf-415e39607b09
Original Timestamp: 1778544188

Indicators of Compromise

Domain


Url


File


Hash


Threat ID: 6a02727bcbff5d861072242b

Added to database: 5/12/2026, 12:21:15 AM

Last enriched: 5/12/2026, 12:36:23 AM

Last updated: 5/12/2026, 3:53:20 AM
