
ThreatFox IOCs for 2026-05-14

0
Medium
Published: Thu May 14 2026 (05/14/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-05-14

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/15/2026, 00:06:34 UTC

Technical Analysis

The data represents a collection of threat intelligence indicators associated with malware activity reported on 2026-05-14 by the ThreatFox MISP Feed. It focuses on OSINT-related payload delivery and network activity without specifying particular vulnerabilities or exploits. No affected software versions or patches are identified, and no active exploitation is confirmed. The threat level metadata suggests moderate concern but lacks detailed technical elaboration.

Potential Impact

The impact is currently limited to the presence of malware-related indicators that may assist in detection and response efforts. There is no evidence of active exploitation or specific vulnerabilities being targeted. Without known exploits or affected versions, the immediate risk to systems is unclear but warrants monitoring.

Mitigation Recommendations

No patches or official fixes are available for this threat. Security teams should leverage the provided IOCs for detection and monitoring within their environments. Standard malware defense measures and network monitoring aligned with the indicators are recommended. Since no active exploits are confirmed, no urgent remediation actions are indicated.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: afb4074d-feb7-400e-9904-c9dfcd631c14
Original Timestamp: 1778803388

Indicators of Compromise

Url


File


Hash


Domain

domain3az65saf.flos-strip.digital
ClearFake payload delivery domain (confidence level: 100%)
domainsd9arw2r.flos-strip.digital
ClearFake payload delivery domain (confidence level: 100%)
domainadvanced-it-infrastructure.courses
ClearFake payload delivery domain (confidence level: 100%)
domaincoder-logic-vault.courses
ClearFake payload delivery domain (confidence level: 100%)
domainsup.fatherchrismas.com
Vidar botnet C2 domain (confidence level: 100%)
domaincloudruntime.courses
ClearFake payload delivery domain (confidence level: 100%)
domainpacket-routing-lab.courses
ClearFake payload delivery domain (confidence level: 100%)
domainsup.dusapp.com.br
Vidar botnet C2 domain (confidence level: 100%)
domainmicroservicehub.courses
ClearFake payload delivery domain (confidence level: 100%)
domainserverless-mesh-core.courses
ClearFake payload delivery domain (confidence level: 100%)
domain1y9a9xkq.bitter-salty.digital
ClearFake payload delivery domain (confidence level: 100%)
domainp4l3fctz.bitter-salty.digital
ClearFake payload delivery domain (confidence level: 100%)
domainedge-processing-network.courses
ClearFake payload delivery domain (confidence level: 100%)
domaincartwell-pastphantom.courses
ClearFake payload delivery domain (confidence level: 100%)
domaintelemetrycore.courses
ClearFake payload delivery domain (confidence level: 100%)
domaininherittruckdoge.courses
ClearFake payload delivery domain (confidence level: 100%)
domainwsfzy3vb.ripples-shark.digital
ClearFake payload delivery domain (confidence level: 100%)
domainvirtual-session-gateway.courses
ClearFake payload delivery domain (confidence level: 100%)
domainkrc5t7kn.ripples-shark.digital
ClearFake payload delivery domain (confidence level: 100%)
domainct.feliz.icu
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainkadush-sideburnsushan.courses
ClearFake payload delivery domain (confidence level: 100%)
domaindistributedcache.courses
ClearFake payload delivery domain (confidence level: 100%)
domaingnashhusks.courses
ClearFake payload delivery domain (confidence level: 100%)

Threat ID: 6a066385ec166c07b01fe9af

Added to database: 5/15/2026, 12:06:29 AM

Last enriched: 5/15/2026, 12:06:34 AM

Last updated: 5/15/2026, 6:31:18 AM
