
ThreatFox IOCs for 2026-06-18

Medium
Published: Thu Jun 18 2026 (06/18/2026, 00:00:00 UTC)
Source: ThreatFox MISP Feed

Description

ThreatFox IOCs for 2026-06-18

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 06/19/2026, 00:19:55 UTC

Technical Analysis

The report provides OSINT-based IOCs associated with malware activity detected on 2026-06-18. It is intended for situational awareness and threat intelligence purposes. The data lacks detailed technical indicators or affected software version information. No active exploitation or patch status is indicated.

Potential Impact

The impact is limited to the presence of malware-related IOCs that could indicate potential malicious network activity or payload delivery attempts. No direct vulnerability or exploit is described, and no known active exploitation is reported.

Mitigation Recommendations

Since no patch or fix is applicable and no active exploitation is known, no specific remediation actions are recommended beyond standard monitoring and threat intelligence integration. Organizations should incorporate these IOCs into their detection systems as appropriate.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: 6e3abda9-6ab4-4494-88a4-03644fc59254
Original Timestamp: 1781827386

Indicators of Compromise





Threat ID: 6a348b27f198dc38c1c92a17

Added to database: 6/19/2026, 12:19:51 AM

Last enriched: 6/19/2026, 12:19:55 AM

Last updated: 6/19/2026, 5:41:54 AM
