
ThreatFox IOCs for 2026-05-22

0
Medium
Published: Fri May 22 2026 (05/22/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2026-05-22

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/23/2026, 00:14:41 UTC

Technical Analysis

The data represents OSINT-derived IOCs associated with malware activity as of May 22, 2026. It includes information relevant to payload delivery and network activity but lacks detailed technical specifics, affected software versions, or exploit mechanisms. No remediation or patch information is available, and the threat is not linked to any known active exploitation campaigns.

Potential Impact

The impact is currently limited to the presence of malware-related IOCs that could assist in detection and response efforts. There is no evidence of active exploitation or direct compromise reported. The threat level is medium, indicating a moderate concern for security monitoring but no immediate critical risk.

Mitigation Recommendations

No patches or official fixes are available for this threat. Security teams should incorporate the provided IOCs into their detection and monitoring systems to identify potential malicious activity. Since no active exploits are known, no urgent remediation actions are required beyond standard monitoring.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: a2abe635-de24-4c15-a57c-5236072a28d8
Original Timestamp: 1779494588

Indicators of Compromise

Url


Domain


File


Hash

ValueDescriptionCopy
hash8888
VShell botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8084
VShell botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 97%)
hash8089
VShell botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash25001
Kimwolf botnet C2 server (confidence level: 100%)
hash8081
Havoc botnet C2 server (confidence level: 100%)
hash4444
Quasar RAT botnet C2 server (confidence level: 100%)
hash81
VShell botnet C2 server (confidence level: 100%)
hash82
VShell botnet C2 server (confidence level: 100%)
hash8084
VShell botnet C2 server (confidence level: 100%)
hash0759904c16ff6d1f25be53e218f7bb13668a13cf5bd328375bb37941c2c94ab2
Unknown malware payload (confidence level: 75%)
hashd95bb7afd88d684dd99bb0c462fd7e0f81596baa2a2749263c7be4f09b4177ec
Unknown malware payload (confidence level: 75%)
hash0ae0517a518f277c67ae6959e8fb1e75a67ce3c2d1a86af084326f9a6c3c2839
Unknown malware payload (confidence level: 75%)
hashf630d779290a050dbc415863be303b8bb78dbe0bf4ff1ebae5fcbfddeace95b2
Unknown malware payload (confidence level: 75%)
hashd72e75830ccb3a1bb80026081be1b775b3c2b18f91034277a27957a3a4e51632
Unknown malware payload (confidence level: 75%)
hash4e71f0e1b1862492562f7ffada5c1d98e4d9c83cf63cd99636fb7f932d4cb4a7
Unknown malware payload (confidence level: 75%)
hash475a074242f7c58f55fdaa7c2773b1aaf448ce826a8fc98ee76f0dc88eba72b2
Unknown malware payload (confidence level: 75%)
hashd430141b6573335f2eaba7c9dad1729e182432f128c4311a962f77c12d48a82c
Unknown malware payload (confidence level: 75%)
hash2c14abd6082ec4929d7f375f7c264741355e4b28a402c7cf89caac37627e2739
Unknown malware payload (confidence level: 75%)
hashbf1c796dbb2b7d6d3b6820fccd6a5bcd127c0296754680f3f7d067bcca56b1b4
Unknown malware payload (confidence level: 75%)
hashd6aea182e02b91f804b3b80b9e4a754d818c25b5540bfc2f67117d15755dee00
Unknown malware payload (confidence level: 75%)
hash3abe2587ac04cc71fae274401e13cbc6aaa937e4cd76a2c910c2e906bf35988e
Unknown malware payload (confidence level: 75%)
hashb6c95e309ebef7dc253970dec65289cf207ff713594ae33381642f6ac1db27e4
Unknown malware payload (confidence level: 75%)
hasha96edc7a4d5f768974db6100febf6fc7b3628faca3a277e12b3c055ea2707fe6
Unknown malware payload (confidence level: 75%)
hash8a274a2de294dfbc889c5fb4475a1fed986a72eeb75e0f74356bd4f686b69a76
Unknown malware payload (confidence level: 75%)
hashef36aa66e953dfe4a92e1fca37d4a49b481a10f257ea8436b93e3a5738416493
Unknown malware payload (confidence level: 75%)
hash756935b429ab86b428037aaf8d2b4adbb16316472c413730869c1a00a9b0d834
Unknown malware payload (confidence level: 75%)
hashe1c662e5b751306a036fb5de530ca06220ecc6fd2bae8edde3502cbd69222696
Unknown malware payload (confidence level: 75%)
hash2f88f94208b77bb61382494f0c3258e17b28302f7adbe5e3137adadd1504e616
Unknown malware payload (confidence level: 75%)
hash8351db34b7d7f09b7bb38ca3f520f34f48d4cf319ae4629e07a352520e604b78
Unknown malware payload (confidence level: 75%)
hashdc042f848b0cc33903c831e90aae8cdcc0fdaa30c3036e08397ae9df86af7ef8
Unknown malware payload (confidence level: 75%)

Threat ID: 6a10f16ce1370fbb48691caf

Added to database: 5/23/2026, 12:14:36 AM

Last enriched: 5/23/2026, 12:14:41 AM

Last updated: 5/23/2026, 4:33:24 AM
