ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.

1'266

IOCs shared (past 24 hours)

AsyncRAT

Most seen malware family (past 24 hours)

1'558'140

IOCs in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

ioc:ms-debug-services.com ( run)
malware:CobaltStrike ( run)
tag:TA505 ( run)
threat_type:cc_skimming ( run)
uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)	IOC	Malware	Tags	Reporter
2025-12-13 04:27	soft.hi8hmu1berry.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 04:18	a0a.hi8hmu1berry.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 04:08	h819.hi8hmu1berry.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 04:01	43.163.201.222:443	Unknown malware	AS132203 c2 censys ClickFix first-stage TENCENT-NET-AP-CN	DonPasci
2025-12-13 04:01	178.210.92.124:443	Unknown malware	AS48287 c2 censys ClickFix first-stage RU-CENTER	DonPasci
2025-12-13 04:01	216.92.153.103:80	Unknown malware	AS7859 c2 censys ClickFix first-stage PAIR-NETWORKS	DonPasci
2025-12-13 04:01	103.177.46.46:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.123:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.59:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.69:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.65:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.70:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.79:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.48:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.66:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.56:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.89:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.43:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.42:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:01	103.177.46.45:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 04:00	80.66.72.158:80	Hook	AS215540 c2 censys GCS-AS HookBot	DonPasci
2025-12-13 04:00	62.60.158.9:80	Hook	AEZA-AS AS210644 c2 censys HookBot	DonPasci
2025-12-13 04:00	41.142.94.71:8808	AsyncRAT	AS36903 asyncrat c2 censys MT-MPLS RAT	DonPasci
2025-12-13 04:00	107.189.24.49:2404	Remcos	AS14956 c2 censys RAT remcos ROUTERHOSTING	DonPasci
2025-12-13 04:00	172.111.139.186:2405	Remcos	AS212238 c2 CDNEXT censys RAT remcos	DonPasci
2025-12-13 04:00	106.53.0.150:443	Latrodectus	AS45090 c2 censys Latrodectus TENCENT-NET-AP	DonPasci
2025-12-13 03:58	nx.hi8hmu1berry.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 03:42	i5xu.sc2ntrepid2t.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 03:38	flare.sc2ntrepid2t.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 03:28	iyp61.sc2ntrepid2t.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 03:17	deep.sc2ntrepid2t.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 03:07	w10ok.f1ercen1ivin.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 02:57	yxvgh.f1ercen1ivin.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 02:49	156.234.216.161:8712	Cobalt Strike	CobaltStrike drb-ra	abuse_ch
2025-12-13 02:47	champ.f1ercen1ivin.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 02:36	zh8qj.f1ercen1ivin.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 02:28	fh9.f0undst2rve.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 02:17	blood.f0undst2rve.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 02:07	8y.f0undst2rve.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 01:57	dsav5.f0undst2rve.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 01:47	crest.p2rabpr0nos.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 01:37	book.p2rabpr0nos.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 01:27	di.p2rabpr0nos.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 01:17	dz4y1.p2rabpr0nos.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 01:07	lqd.champm2loma1.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 01:00	45.133.180.154:6677	XWorm	XWorm	abuse_ch
2025-12-13 00:55	wy1.champm2loma1.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 00:48	ocean.champm2loma1.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 00:38	shadow.champm2loma1.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 00:27	z6.neur0l5uptn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 00:17	bridge.neur0l5uptn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 00:07	light.neur0l5uptn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-13 00:05	93.127.143.43:443	Unknown malware	AS401479 c2 censys ClickFix DBM-ASN-KC first-stage	DonPasci
2025-12-13 00:05	13.212.0.221:80	Unknown malware	AMAZON-02 AS16509 c2 censys ClickFix first-stage	DonPasci
2025-12-13 00:05	37.77.107.49:443	Unknown malware	AS9123 c2 censys ClickFix first-stage TIMEWEB-AS	DonPasci
2025-12-13 00:04	72.62.60.228:8080	Empire Downloader	AS-HOSTINGER AS47583 c2 censys StarKillerC2	DonPasci
2025-12-13 00:04	54.145.191.161:623	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-13 00:04	103.231.174.35:6443	AdaptixC2	AdaptixC2 AS45753 c2 censys NETSEC-HK	DonPasci
2025-12-13 00:04	3.226.247.149:8000	MimiKatz	AMAZON-AES AS14618 c2 censys hacktool Mimikatz open-dir	DonPasci
2025-12-12 23:57	yzmbi.neur0l5uptn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 23:47	storm.c0nju8maraf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 23:36	wild.c0nju8maraf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 23:22	guard.c0nju8maraf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 23:17	trace.c0nju8maraf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 23:07	spark.f1fthudde7.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 22:57	jtp4r.f1fthudde7.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 22:47	ember.f1fthudde7.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 22:37	2ic.f1fthudde7.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 22:29	neuro.b0okca7niv.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 22:19	byte.b0okca7niv.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 22:07	zeq3.b0okca7niv.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 21:57	mint.b0okca7niv.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 21:47	sabr6.b1o0dmanneq.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 21:44	epfe.b1o0dmanneq.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 21:37	p8.b1o0dmanneq.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 21:30	http://towerbingobongoboom.com:8080/updater?for=81D1B730207B50BC16231686B723B33F	Unknown malware	GoProxy	abuse_ch
2025-12-12 21:28	field.b1o0dmanneq.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 21:25	m9dbmhskb.localto.net	XWorm	XWorm	abuse_ch
2025-12-12 21:17	q1.interk2ts2v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 21:15	80.211.137.34:4230	XWorm	XWorm	abuse_ch
2025-12-12 21:07	bbpa.interk2ts2v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 20:58	dndhub.xyz	ClearFake	ClickFix PureHVNC	threatcat_ch
2025-12-12 20:57	vdf.interk2ts2v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 20:47	core.interk2ts2v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 20:38	3w.sh0rtwe5ter.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 20:27	z4l.sh0rtwe5ter.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 20:17	lq.sh0rtwe5ter.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 20:07	yl90o.sh0rtwe5ter.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 20:03	162.215.130.152:443	Unknown malware	AS46606 c2 censys ClickFix first-stage UNIFIEDLAYER-AS-1	DonPasci
2025-12-12 20:03	78.40.218.123:80	Unknown malware	AS9123 c2 censys ClickFix first-stage TIMEWEB-AS	DonPasci
2025-12-12 20:03	72.62.60.228:443	Empire Downloader	AS-HOSTINGER AS47583 c2 censys PowershellEmpire	DonPasci
2025-12-12 20:03	54.82.226.86:80	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 20:03	54.82.226.86:2380	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 20:03	54.82.226.86:8880	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 20:03	34.238.116.93:1317	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 20:03	199.101.111.188:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 20:03	199.101.111.205:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 20:03	89.58.41.159:443	MimiKatz	AS197540 c2 censys hacktool Mimikatz NETCUP-AS open-dir	DonPasci
2025-12-12 20:03	89.58.41.159:80	MimiKatz	AS197540 c2 censys hacktool Mimikatz NETCUP-AS open-dir	DonPasci
2025-12-12 20:03	fpt.dfp.abdullah-sharif.com	Havoc	AS-VULTR AS20473 c2 censys Havoc	DonPasci
2025-12-12 20:03	arabsea.testingweblink.com	Havoc	AS14061 c2 censys DIGITALOCEAN-ASN Havoc	DonPasci
2025-12-12 20:03	adfs.abdullah-sharif.com	Havoc	AS-VULTR AS20473 c2 censys Havoc	DonPasci
2025-12-12 20:02	1.52.28.182:443	Quasar RAT	AS18403 c2 censys FPT-AS-AP quasar RAT	DonPasci
2025-12-12 20:02	83.136.254.247:443	Sliver	AS202053 c2 censys sliver UPCLOUD	DonPasci
2025-12-12 20:02	186.169.56.216:2404	Remcos	AS3816 c2 censys COLOMBIA RAT remcos	DonPasci
2025-12-12 20:02	158.94.210.63:9090	Remcos	AS214943 c2 censys RAILNET RAT remcos	DonPasci
2025-12-12 20:02	31.97.76.25:30303	Remcos	AS-HOSTINGER AS47583 c2 censys RAT remcos	DonPasci
2025-12-12 20:02	38.246.245.82:80	Cobalt Strike	AS979 c2 censys CobaltStrike cs-watermark-426352781 NETLAB-SDN	DonPasci
2025-12-12 20:02	39.104.81.39:8080	Cobalt Strike	ALIBABA-CN-NET AS37963 c2 censys CobaltStrike cs-watermark-666666666	DonPasci
2025-12-12 20:02	47.92.196.59:80	Cobalt Strike	ALIBABA-CN-NET AS37963 c2 censys CobaltStrike cs-watermark-666666666	DonPasci
2025-12-12 20:02	43.255.30.4:443	Cobalt Strike	AS133199 c2 censys CobaltStrike cs-watermark-666666666 SONDERCLOUDLIMITED-AS-AP	DonPasci
2025-12-12 20:02	156.234.252.86:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 20:02	156.234.101.173:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 20:02	156.234.145.34:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 20:02	119.91.141.52:31303	Cobalt Strike	AS45090 c2 censys CobaltStrike cs-watermark-987654321 TENCENT-NET-AP	DonPasci
2025-12-12 20:02	156.234.216.171:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 20:02	156.234.252.66:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 20:02	156.234.145.35:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 20:02	195.177.94.233:443	Cobalt Strike	AS214961 c2 censys CobaltStrike cs-watermark-987654321 STELLARGROUPSAS	DonPasci
2025-12-12 20:02	156.234.145.45:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 19:57	short.n0uvpu7itan.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 19:47	6xy2.n0uvpu7itan.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 19:35	fdvfr.n0uvpu7itan.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 19:27	hill.n0uvpu7itan.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 19:17	dur71.pr2ctsu7v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 19:07	flame.pr2ctsu7v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 18:54	157.230.131.89:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	167.172.56.254:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	167.99.207.16:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	165.22.156.232:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	143.110.168.110:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	192.241.141.249:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	147.182.138.189:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	206.189.66.166:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:54	64.227.55.187:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:52	beta.pr2ctsu7v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 18:47	31.220.89.71:8080	DeimosC2	Deimos drb-ra	abuse_ch
2025-12-12 18:46	k5i.pr2ctsu7v.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 18:46	184.174.32.240:7443	Unknown malware	drb-ra Mythic	abuse_ch
2025-12-12 18:44	136.0.157.158:7707	AsyncRAT	asyncrat drb-ra RAT	abuse_ch
2025-12-12 18:43	109.145.252.9:2222	QakBot	drb-ra QakBot qbot Quakbot	abuse_ch
2025-12-12 18:38	165.227.234.4:8001	Aisuru	AISURU	abuse_ch
2025-12-12 18:38	omega.1nju5tred.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 18:35	80.211.137.34:3413	XWorm	XWorm	abuse_ch
2025-12-12 18:27	6t5.1nju5tred.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 18:17	river.1nju5tred.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 18:07	au.1nju5tred.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 18:02	sodendick-39162.portmap.host	Quasar RAT	c2 domain quasar RAT triage	DonPasci
2025-12-12 18:02	1.tcp.clar.io	XWorm	c2 domain triage XWorm	DonPasci
2025-12-12 18:02	2.56.165.27:9111	XWorm	AS204914 c2 triage XWorm	DonPasci
2025-12-12 18:02	8.tcp.clar.top	XWorm	c2 domain triage XWorm	DonPasci
2025-12-12 18:02	entire-so.gl.at.ply.gg	XWorm	c2 domain triage XWorm	DonPasci
2025-12-12 18:02	dad9idois-44752.portmap.host	XWorm	c2 domain triage XWorm	DonPasci
2025-12-12 17:58	xk8.adm1rep1ay.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 17:48	hdbg.adm1rep1ay.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 17:34	sdsu.adm1rep1ay.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 17:28	2vv6.adm1rep1ay.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 17:17	inter.co0perport5.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 17:07	wind.co0perport5.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 17:05	leqdger.click	ClearFake	ClearFake ClickFix	threatcat_ch
2025-12-12 16:57	8cu.co0perport5.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 16:54	124.220.231.155:443	Cobalt Strike	CobaltStrike drb-ra	abuse_ch
2025-12-12 16:52	9vq0tzgx64793.cfc-execute.bj.baidubce.com	Cobalt Strike	CobaltStrike drb-ra	abuse_ch
2025-12-12 16:47	i6.co0perport5.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 16:43	138.68.136.84:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:38	1tza.starl1tewave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 16:36	91.92.243.254:80	Loki Password Stealer (PWS)	LokiBot ViriBack	abuse_ch
2025-12-12 16:27	188.166.181.135:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	164.90.203.98:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	139.59.78.96:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	209.97.182.186:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	139.59.125.228:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	143.110.188.80:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	157.245.146.209:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	139.59.39.130:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	206.189.127.228:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	68.183.176.122:8001	Aisuru	AISURU	abuse_ch
2025-12-12 16:27	mouc.starl1tewave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 16:24	http://77.105.161.133	Stealc	Stealc	amznemu
2025-12-12 16:24	intercttp.xyz	Unknown malware	c2	burger
2025-12-12 16:24	italy-divine.gl.at.ply.gg	XWorm	XWorm	amznemu
2025-12-12 16:24	147.185.221.31:63171	XWorm	XWorm	amznemu
2025-12-12 16:24	185.91.127.175:1330	XWorm	XWorm	amznemu
2025-12-12 16:24	content-v2-verisoiu.icu	Stealc	Stealc	amznemu
2025-12-12 16:24	joyeriatauro.com	Stealc	Stealc	amznemu
2025-12-12 16:21	208.123.119.235:8443	Mirai	Mirai	abuse_ch
2025-12-12 16:21	216.189.145.14:8443	Mirai	Mirai	abuse_ch
2025-12-12 16:21	208.123.119.236:8443	Mirai	Mirai	abuse_ch
2025-12-12 16:21	208.123.119.198:8443	Mirai	Mirai	abuse_ch
2025-12-12 16:18	alpha.starl1tewave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 16:07	z9s.starl1tewave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 16:04	18.140.146.3:80	Unknown malware	AMAZON-02 AS16509 c2 censys ClickFix first-stage	DonPasci
2025-12-12 16:04	144.22.251.16:443	Unknown malware	AS31898 c2 censys ClickFix first-stage ORACLE-BMC-31898	DonPasci
2025-12-12 16:04	98.93.225.126:20547	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 16:04	100.31.160.236:53695	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 16:04	52.91.221.78:771	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 16:04	199.101.111.96:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 16:04	52.91.221.78:21	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 16:03	62.60.135.119:9000	SectopRAT	AS208137 c2 censys FPS12 RAT sectop	DonPasci
2025-12-12 16:02	212.64.215.198:4444	DarkComet	AS197450 c2 censys darkcomet RAT SUNUCUN	DonPasci
2025-12-12 16:02	204.77.130.20:80	Cobalt Strike	AS139880 c2 censys CobaltStrike cs-watermark-666666666 OWGELS-AS-AP	DonPasci
2025-12-12 16:02	8.134.55.194:443	Cobalt Strike	ALIBABA-CN-NET AS37963 c2 censys CobaltStrike cs-watermark-391144938	DonPasci
2025-12-12 15:58	peak.nightl1ne.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 15:55	134.209.89.14:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:55	178.128.2.44:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:54	165.22.136.66:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:48	zj3m0.nightl1ne.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 15:39	206.189.198.144:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:39	142.93.135.82:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:39	159.65.205.44:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:39	68.183.6.51:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:39	167.172.205.144:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:39	157.245.180.129:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:39	134.209.27.68:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:37	branch.nightl1ne.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 15:35	45.141.215.133:4444	XenoRAT	XenoRAT	abuse_ch
2025-12-12 15:28	uqdz.nightl1ne.ru	ClearFake	ClearFake	Anonymous
2025-12-12 15:21	clear.brightgate.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 15:11	t84g.brightgate.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 15:08	174.138.7.252:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	142.93.254.14:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	206.189.5.192:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	64.227.93.213:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	i3o.brightgate.ru	ClearFake	ClearFake	Anonymous
2025-12-12 15:08	159.65.85.62:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	188.166.23.66:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	147.182.216.151:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	104.131.168.18:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	167.172.60.110:8001	Aisuru	AISURU	abuse_ch
2025-12-12 15:08	165.22.47.134:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:57	oput.brightgate.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 14:52	178.62.204.148:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	134.209.204.135:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	134.209.91.203:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	157.245.123.120:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	165.227.28.253:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	143.110.132.186:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	165.227.65.246:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	161.35.152.74:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	68.183.155.83:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:52	165.22.117.74:8001	Aisuru	AISURU	abuse_ch
2025-12-12 14:41	hcg.cloudreach.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 14:37	ihokolkasdiemh.com	Latrodectus	c2 censys domain Latrodectus	DonPasci
2025-12-12 14:36	aniradodokloiure.com	Latrodectus	c2 censys domain Latrodectus	DonPasci
2025-12-12 14:34	jiontrusdergaseol.com	Latrodectus	c2 censys domain Latrodectus	DonPasci
2025-12-12 14:34	gastroikoliojauiol.com	Latrodectus	c2 censys domain Latrodectus	DonPasci
2025-12-12 14:30	http://91.92.243.254/kelly/five/fre.php	Loki Password Stealer (PWS)	Loki	abuse_ch
2025-12-12 14:29	https://evanderupdate.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 14:29	https://code.hybclient.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 14:29	http://178.17.59.88/api/NTEsN2QsN2UsNTgsNWIsNjAsNjIsNjcsYyw3OSw=	SmartLoader	SmartLoader	tcains1
2025-12-12 14:29	138.226.236.29:443	Vidar	c2 ip Vidar	burger
2025-12-12 14:29	https://138.226.236.29/	Vidar	c2 URL Vidar	burger
2025-12-12 14:29	kevincheat.com	Unknown Stealer		burger
2025-12-12 14:29	buradakimvar.xyz	Unknown Stealer	c2 stealer	burger
2025-12-12 14:19	https://18plus.tiktok.market.google.b44brha.top/	Unknown malware		juroots
2025-12-12 14:19	https://18plus.tiktok.market.google.101uu6.top/	Unknown malware		juroots
2025-12-12 14:19	https://18plus.tiktok.market.google.pinklotusfoundation.online/	Unknown malware		juroots
2025-12-12 14:19	https://18plus.tiktok.market.google.cuocsong.store/	Unknown malware		juroots
2025-12-12 14:19	https://poidx.777md.xyz/	Unknown malware		juroots
2025-12-12 14:19	https://18plus.tiktok.market.google.2049uu.top/	Unknown malware		juroots
2025-12-12 14:19	https://18plus.tiktok.market.google.totti911-aakk04.store/	Unknown malware		juroots
2025-12-12 14:19	https://18plus.tiktok.market.google.976uu9.top/	Unknown malware		juroots
2025-12-12 14:19	https://googleplaycr.pages.dev/	Unknown malware		juroots
2025-12-12 14:19	https://play-app.huami123.online/	Unknown malware		juroots
2025-12-12 14:19	https://18plus.tiktok.market.google.luxelockssalon.shop/	Unknown malware		juroots
2025-12-12 14:19	https://ucd.ru.com/MSteamss/teams/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://blvas.online/Zoooom/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://prominencecleaners.com/excell/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://com-a2gamepromotwo-eg--112a2-com---ad.pages.dev/	Unknown malware		juroots
2025-12-12 14:19	https://mart.delipack.shop/	Unknown malware		juroots
2025-12-12 14:19	https://zoomteammeeting.im/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://teaminvitemeeting.im/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://2z1alloom2.click/zoom/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://zoommeetingsetup.vip/webzu0sju/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://chandhandicrafts.com/MicrosoftTeam/teamsfinal/teams/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:19	https://institutoalfrednobel.edu.mx/meet/567/Windows/invite.php	Unknown malware		juroots
2025-12-12 14:08	s9ps.cloudreach.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 13:57	tp.cloudreach.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 13:50	cwci.oceandrift.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 13:46	ic7y.oceandrift.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 13:37	gsv54.oceandrift.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 13:28	gamma.oceandrift.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 13:17	7yyu6.snowcrest.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 13:15	38.49.210.241:22100	PureLogs Stealer	PureLogsStealer	abuse_ch
2025-12-12 13:08	zwo.snowcrest.ru	ClearFake	ClearFake	Anonymous
2025-12-12 12:57	vz.snowcrest.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 12:55	cacodsq.click	Lumma Stealer	c2 domain Lumma stealer	DonPasci
2025-12-12 12:53	raisinc.cyou	Lumma Stealer	c2 domain Lumma stealer	DonPasci
2025-12-12 12:53	genustt.cyou	Lumma Stealer	c2 domain Lumma stealer	DonPasci
2025-12-12 12:53	servilg.click	Lumma Stealer	c2 domain Lumma stealer	DonPasci
2025-12-12 12:53	fixedwr.click	Lumma Stealer	c2 domain Lumma stealer	DonPasci
2025-12-12 12:53	dhulhxu.click	Lumma Stealer	c2 domain Lumma stealer	DonPasci
2025-12-12 12:51	151.241.100.116:2700	AsyncRAT	AS215703 asyncrat c2 FREAKHOSTING RAT	DonPasci
2025-12-12 12:47	night.snowcrest.ru	ClearFake	ClearFake	Anonymous
2025-12-12 12:44	162.251.123.238:5353	XWorm	AS64236 c2 UNREAL-SERVERS XWorm	DonPasci
2025-12-12 12:44	166.88.185.88:8000	XWorm	AS400212 c2 VERGETEL-GROUP-LLC XWorm	DonPasci
2025-12-12 12:44	177.136.203.81:7050	XWorm	AS262415 c2 OPEN XWorm	DonPasci
2025-12-12 12:44	208.91.189.160:6922	XWorm	1GSERVERS AS14315 c2 XWorm	DonPasci
2025-12-12 12:43	45.141.26.243:6000	XWorm	AS142299 c2 CLOUDFORESTCOLTD-AS-AP XWorm	DonPasci
2025-12-12 12:37	wind.mounta1npath.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 12:27	nh60c.mounta1npath.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 12:25	asirojointofucks.com	Latrodectus	c2 censys domain Latrodectus	DonPasci
2025-12-12 12:19	neurolattice.com	Matanbuchus	c2 domain matanbuchus VirusTotal	DonPasci
2025-12-12 12:18	core.mounta1npath.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 12:07	s9i01.mounta1npath.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 12:05	162.215.130.152:80	Unknown malware	AS46606 c2 censys ClickFix first-stage UNIFIEDLAYER-AS-1	DonPasci
2025-12-12 12:05	213.35.114.163:8888	Meterpreter	AS31898 c2 censys hacktool MetaSploit Meterpreter ORACLE-BMC-31898	DonPasci
2025-12-12 12:05	34.227.242.206:33070	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 12:04	185.208.156.159:5555	Unknown malware	Albiriox Android AS42624 censys SWISSNETWORK02	DonPasci
2025-12-12 12:03	217.60.249.161:9000	SectopRAT	AS56971 c2 censys RAT sectop	DonPasci
2025-12-12 12:03	213.176.79.226:9000	SectopRAT	AS215826 c2 censys PARTNER-HOSTING-LTD RAT sectop	DonPasci
2025-12-12 12:03	45.156.87.240:777	AsyncRAT	AS51396 asyncrat c2 censys PFCLOUD RAT	DonPasci
2025-12-12 12:02	190.255.86.132:5060	Remcos	AS3816 c2 censys COLOMBIA RAT remcos	DonPasci
2025-12-12 12:02	81.92.219.143:60000	Remcos	AS27176 c2 censys DATAWAGON RAT remcos	DonPasci
2025-12-12 12:02	89.149.243.170:8080	Remcos	AS60781 c2 censys LEASEWEB-NL-AMS-01 RAT remcos	DonPasci
2025-12-12 12:02	register.spc.jp.net	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2025-12-12 12:02	156.234.216.182:8712	Cobalt Strike	AS138415 c2 censys CobaltStrike cs-watermark-987654321 YANCYLIMITED-AS-HK	DonPasci
2025-12-12 11:57	k38.deepbreez3.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 11:50	baritale.com	Matanbuchus		plebourhis
2025-12-12 11:50	47.92.196.59:443	Cobalt Strike	AS37963 c2 censys	dyingbreeds_
2025-12-12 11:50	117.72.99.21:9999	Cobalt Strike	AS141679 c2 censys	dyingbreeds_
2025-12-12 11:50	167.71.90.208:8888	Unknown malware	AS14061 c2 censys DIGITALOCEAN-ASN Supershell	dyingbreeds_
2025-12-12 11:50	208.69.78.184:31337	Sliver	AS-GLOBALTELEHOST AS63023 c2 censys	dyingbreeds_
2025-12-12 11:50	144.172.114.13:443	Unknown malware	AS14956 c2 censys Mythic ROUTERHOSTING	dyingbreeds_
2025-12-12 11:50	45.130.166.85:443	Unknown malware	AS36007 c2 censys KAMATERA Mythic	dyingbreeds_
2025-12-12 11:50	202.189.12.194:5566	Quasar RAT	AS139180 c2 censys RAT	dyingbreeds_
2025-12-12 11:50	125.168.249.139:8443	Unknown malware	AS9443 botnet byob c2 censys	dyingbreeds_
2025-12-12 11:50	75.66.72.160:8443	Unknown malware	AS7922 botnet byob c2 censys COMCAST-7922	dyingbreeds_
2025-12-12 11:50	75.133.120.54:8443	Unknown malware	AS20115 botnet byob c2 censys CHARTER-20115	dyingbreeds_
2025-12-12 11:50	24.235.137.164:8443	Unknown malware	AS7992 botnet byob c2 censys COGECOWAVE	dyingbreeds_
2025-12-12 11:50	91.158.199.43:8443	Unknown malware	AS719 botnet byob c2 censys	dyingbreeds_
2025-12-12 11:50	67.254.169.34:8443	Unknown malware	AS12271 botnet byob c2 censys TWC-12271-NYC	dyingbreeds_
2025-12-12 11:50	78.27.85.26:8443	Unknown malware	AS16086 botnet byob c2 censys DNA	dyingbreeds_
2025-12-12 11:50	46.162.105.194:8443	Unknown malware	AS29518 botnet BREDBAND2 byob c2 censys	dyingbreeds_
2025-12-12 11:50	107.179.200.87:8443	Unknown malware	AS5645 botnet byob c2 censys TEKSAVVY	dyingbreeds_
2025-12-12 11:50	136.24.74.5:8443	Unknown malware	AS19165 botnet byob c2 censys WEBPASS	dyingbreeds_
2025-12-12 11:50	175.182.177.198:8443	Unknown malware	AS4780 botnet byob c2 censys	dyingbreeds_
2025-12-12 11:50	24.47.51.37:8443	Unknown malware	AS6128 botnet byob c2 CABLE-NET-1 censys	dyingbreeds_
2025-12-12 11:50	125.224.153.221:8443	Unknown malware	AS3462 botnet byob c2 censys	dyingbreeds_
2025-12-12 11:50	220.246.204.92:8443	Unknown malware	AS4760 botnet byob c2 censys	dyingbreeds_
2025-12-12 11:50	66.190.34.226:8443	Unknown malware	AS20115 botnet byob c2 censys CHARTER-20115	dyingbreeds_
2025-12-12 11:50	165.227.48.115:3333	Unknown malware	AS14061 censys DIGITALOCEAN-ASN GoPhish phishing	dyingbreeds_
2025-12-12 11:50	47.239.201.21:60000	Unknown malware	AS45102 censys Viper	dyingbreeds_
2025-12-12 11:50	206.189.160.102:443	Unknown malware	AS14061 censys DIGITALOCEAN-ASN GoPhish phishing	dyingbreeds_
2025-12-12 11:50	195.88.24.103:8033	Unknown malware	AS36007 censys GoPhish KAMATERA phishing	dyingbreeds_
2025-12-12 11:50	167.99.26.105:3333	Unknown malware	AS14061 censys DIGITALOCEAN-ASN GoPhish phishing	dyingbreeds_
2025-12-12 11:50	82.156.210.64:10813	Unknown malware	AS45090 censys GoPhish phishing	dyingbreeds_
2025-12-12 11:50	3.148.221.7:8085	Unknown malware	AMAZON-02 AS16509 censys GoPhish phishing	dyingbreeds_
2025-12-12 11:50	111.230.103.245:3333	Unknown malware	AS45090 censys GoPhish phishing	dyingbreeds_
2025-12-12 11:47	8wp1.deepbreez3.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 11:30	stone.deepbreez3.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 11:28	field.deepbreez3.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 11:17	z24rf.mistyshore.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 11:07	q71t.mistyshore.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 10:57	ue.mistyshore.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 10:47	shore.mistyshore.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 10:37	fox.clears0ft.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 10:28	jt77.clears0ft.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 10:18	3e.clears0ft.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 10:08	http://123.56.48.58:8888/supershell/login/	Unknown malware	AS37963 Supershell	antiphishorg
2025-12-12 10:08	208.87.205.54:81	Cobalt Strike	AS133199 c2 Cobalt Strike threatquery	threatquery
2025-12-12 10:08	https://wooddecor.com.br.kbral.com.br/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 10:07	drift.clears0ft.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:57	zgeg.forestcl0ud.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:46	e08z3.forestcl0ud.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:38	host.forestcl0ud.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:34	3gky.forestcl0ud.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:32	jjt.f0xwave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:27	mist.f0xwave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:17	554r5.f0xwave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 09:06	kp3uw.f0xwave.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:58	forest.clearh0st.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:52	https://roku.jnishop.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://rummagewi.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://sageproductions.tv/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://schluesselringe.de/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://red-eyesecurity.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://rummagewi.drcs-solutions.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://qka.poy.temporary.site/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://roumanie.sandierrot.fr/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://portaldesigngrafico.com.br.agenciadelivearte.com.br/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://psicologowil.com.br/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://quabala-quabala.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://shop.net-gazet.ru/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://singlevendor.ninetysix.in/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://sebastiancafe.kbral.com.br/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://teresina.oligoflora.com.br/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://syuchan.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://tanakazu1977.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://supvitalfree.verslo.io/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://staging.trytebox.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://stazio54.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://stavby.sk/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://suzuya-basketball-dog-house.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://vendamaiscomthiago.ads360imob.com.br/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://webmail.mega77b.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://webmail.giracoin.io/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://urbiagua.pt/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://teenpattijawaan.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://tes-totaleng.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://study.bisabarengoby.id/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://vitaricca-1.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://wordt-ontwikkeldbe.site.tb-hosting.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://vegasvalleycommercial.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://yellowbird.siulyn.fr/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://webdisk.kasatnews.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://whm.tamiltotamil.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://whm.umeedshiksharath.org/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://ysetechnologies.com.appniacs.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://watabaran.se/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://tlcmaui.com/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:52	https://quamecheng.co.zm/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 08:48	mint.clearh0st.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:48	64.111.92.248:8888	Sliver	drb-ra sliver	abuse_ch
2025-12-12 08:44	137.131.241.10:8443	Sliver	drb-ra sliver	abuse_ch
2025-12-12 08:40	river.clearh0st.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:31	8l8gr.clearh0st.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:27	crest.m1stleaf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:18	cwt.m1stleaf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:17	77.83.240.193:8001	Aisuru	AISURU	abuse_ch
2025-12-12 08:17	77.83.240.194:8001	Aisuru	AISURU	abuse_ch
2025-12-12 08:17	45.92.218.126:8001	Aisuru	AISURU	abuse_ch
2025-12-12 08:17	77.83.240.196:8001	Aisuru	AISURU	abuse_ch
2025-12-12 08:05	qo1u.m1stleaf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 08:03	78.40.218.123:443	Unknown malware	AS9123 c2 censys ClickFix first-stage TIMEWEB-AS	DonPasci
2025-12-12 08:03	89.111.149.164:80	Unknown malware	AS48287 c2 censys ClickFix first-stage RU-CENTER	DonPasci
2025-12-12 08:03	3.85.126.181:1963	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 08:03	3.85.126.181:1913	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2025-12-12 08:02	45.156.27.23:443	Unknown malware	AS56971 c2 censys Mythic	DonPasci
2025-12-12 08:02	89.125.209.173:7443	Unknown malware	AS212477 c2 censys Mythic ROYALE-AS	DonPasci
2025-12-12 08:02	178.16.53.119:4444	AsyncRAT	AS214943 asyncrat c2 censys RAILNET RAT	DonPasci
2025-12-12 08:02	44.200.209.5:8080	Sliver	AMAZON-AES AS14618 c2 censys payload sliver	DonPasci
2025-12-12 08:02	44.200.209.5:443	Sliver	AMAZON-AES AS14618 c2 censys sliver	DonPasci
2025-12-12 08:02	137.131.241.10:443	Sliver	AS31898 c2 censys ORACLE-BMC-31898 sliver	DonPasci
2025-12-12 08:02	178.16.53.165:443	Latrodectus	AS214943 c2 censys Latrodectus RAILNET	DonPasci
2025-12-12 08:02	178.16.53.175:443	Latrodectus	AS214943 c2 censys Latrodectus RAILNET	DonPasci
2025-12-12 08:02	38.54.88.89:80	Cobalt Strike	AS138915 c2 censys CobaltStrike cs-watermark-666666666 KAOPU-HK	DonPasci
2025-12-12 08:02	121.43.230.164:8080	Cobalt Strike	ALIBABA-CN-NET AS37963 c2 censys CobaltStrike cs-watermark-391144938	DonPasci
2025-12-12 08:02	192.210.215.210:443	Cobalt Strike	AS-COLOCROSSING AS36352 c2 censys CobaltStrike cs-watermark-987654321	DonPasci
2025-12-12 07:57	yljy.m1stleaf.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 07:42	0s.frostbranch.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 07:38	d5.frostbranch.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 07:25	ffmg.frostbranch.ru	ClearFake	ClearFake	Anonymous
2025-12-12 07:19	195.177.94.107:56238	Unknown malware		abuse_ch
2025-12-12 07:18	sky.frostbranch.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 07:17	216.126.239.157:8888	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2025-12-12 07:17	45.192.248.45:8088	Cobalt Strike	CobaltStrike cs-watermark-426352781	abuse_ch
2025-12-12 07:17	36.253.9.57:8081	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2025-12-12 07:17	8.148.211.47:9999	Cobalt Strike	CobaltStrike cs-watermark-391144938	abuse_ch
2025-12-12 07:17	45.207.208.83:443	Cobalt Strike	CobaltStrike cs-watermark-666666666	abuse_ch
2025-12-12 07:16	15.204.59.20:80	Cobalt Strike	CobaltStrike cs-watermark-391144938	abuse_ch
2025-12-12 07:16	213.209.143.34:59666	Mirai	Mirai	seckle
2025-12-12 07:15	144.202.27.199:31337	Sliver	c2 sliver	juroots
2025-12-12 07:07	nova.cleardawn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 07:07	http://bamboopaw2021.sbs/b5a52ebb310b65f06dd10cfe69f72363/	Unknown Stealer	MaskGramStealer	abuse_ch
2025-12-12 07:07	bamboopaw2021.sbs	Unknown Stealer	MaskGramStealer	abuse_ch
2025-12-12 06:58	e5w.cleardawn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 06:53	193.27.90.80:5010	Unknown malware	dropped-by-amadey	abuse_ch
2025-12-12 06:47	60sek.cleardawn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 06:37	bridge.cleardawn.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 06:36	brands.khaitara.com	Unknown malware	c2 TA569	juroots
2025-12-12 06:35	api.qtss.cc	Unknown malware	c2 PeerBlight	juroots
2025-12-12 06:35	vps-zap812595-1.zap-srv.com	Unknown malware	c2 PeerBlight	juroots
2025-12-12 06:35	help.093214.xyz	Unknown malware	c2 PeerBlight	juroots
2025-12-12 06:35	keep.camdvr.org	Unknown malware	c2 PeerBlight	juroots
2025-12-12 06:34	app.enzirt.com	Unknown Loader	c2 Gholoader	juroots
2025-12-12 06:34	api.htscefh.com	Unknown Loader	c2 Gholoader	juroots
2025-12-12 06:34	https://api-w11c.onrender.com/api/send	Unknown Stealer	c2 SilentStealer	burger
2025-12-12 06:34	206.206.127.137:8041	Unknown RAT	ConnectWise ScreenConnect	tanner
2025-12-12 06:34	microservice-update-s1-bucket.cc	Amatera	amatera payload	burger
2025-12-12 06:34	https://microservice-update-s1-bucket.cc/HollyPriest.docx	Amatera	amatera payload	burger
2025-12-12 06:34	microservice-update-s2-bucket.cc	Amatera	AmateraStealer payload	burger
2025-12-12 06:34	api-w11c.onrender.com	Unknown Stealer	c2 SilentStealer	burger
2025-12-12 06:34	94.183.183.52:443	Amatera	amatera c2	burger
2025-12-12 06:34	213.176.16.165:443	Amatera	amatera c2	burger
2025-12-12 06:34	https://lingering-my-verify-clouds-1.pages.dev/	Unknown malware	ClickFix	CarsonWilliams
2025-12-12 06:34	95.182.101.109:80	Stealc	Loader Stealc stealer	Bitsight
2025-12-12 06:34	nkpoor.sa.com	AsyncRAT	asyncrat botnet c2	Amethyste
2025-12-12 06:34	download.nkpoor.sa.com	AsyncRAT	asyncrat botnet c2	Amethyste
2025-12-12 06:34	http://47.243.211.91:8888/supershell/login/	Unknown malware	AS45102 Supershell	antiphishorg
2025-12-12 06:34	198.251.84.61:80	Stealc	Loader Stealc stealer	Bitsight
2025-12-12 06:34	http://154.61.77.105:8082/	Unknown malware	exploit react2shell	TheRavenFile
2025-12-12 06:34	totalservices.info	Unknown malware	c2 ShadowAgent TA396	juroots
2025-12-12 06:34	broughservice.info	Unknown malware	c2 ShadowAgent TA396	juroots
2025-12-12 06:34	theoyservices.info	Unknown malware	c2 ShadowAgent TA396	juroots
2025-12-12 06:34	excesswintex.info	Unknown malware	c2 ShadowAgent TA396	juroots
2025-12-12 06:34	brityservice.info	Unknown malware	c2 ShadowAgent TA396	juroots
2025-12-12 06:34	bijoyshare.buzz	Unknown malware	c2 ShadowAgent TA396	juroots
2025-12-12 06:34	sharetobijoy.buzz	Unknown malware	c2 ShadowAgent TA396	juroots
2025-12-12 06:34	gov.hanel.work	Vidar	c2 domain Vidar	burger
2025-12-12 06:34	157.180.22.193:443	Vidar	c2 ip Vidar	burger
2025-12-12 06:34	de5fcb3128ab96a7c5e45d93ed01498102aacde90552b9bffc581fa94d5c8e6a	Coinminer	dugganusa Github	duggusa
2025-12-12 06:34	22804099ed114502613561e19c39b08d85532366de6aa7dc7b648da51d4a7515	Quasar RAT	dugganusa Github pulsar quasar RAT	duggusa
2025-12-12 06:34	ca49f69a007de870c0ae4c9cabaa4707ad73c9735d643c7bfcdc2a4cf2ba9765	Quasar RAT	dugganusa Github	duggusa
2025-12-12 06:34	158.94.210.44:1312	Mirai	Mirai	seckle
2025-12-12 06:33	wwexp.com	FAKEUPDATES	LandUpdate808	juroots
2025-12-12 06:31	116.103.90.20:4411	XWorm	c2 XWorm	juroots
2025-12-12 06:30	https://raw.githubusercontent.com/locsucc/cac/refs/heads/master/c	XWorm	c2 XWorm	juroots
2025-12-12 06:30	country-tex.gl.at.ply.gg	XWorm	c2 XWorm	juroots
2025-12-12 06:30	https://t.me/takecareandkeepitup	Raccoon	c2 raccoon	juroots
2025-12-12 06:30	https://t.me/borderxra	Raccoon	c2 raccoon	juroots
2025-12-12 06:30	https://t.me/jredmankun	Raccoon	c2 raccoon	juroots
2025-12-12 06:30	https://t.me/masseffectus2	Raccoon	c2 raccoon	juroots
2025-12-12 06:30	https://t.me/oh12manymarty	Raccoon	c2 raccoon	juroots
2025-12-12 06:30	http://telegatt.top/oh12manymarty	Raccoon	c2 raccoon	juroots
2025-12-12 06:30	http://telegin.top/oh12manymarty	Raccoon	c2 raccoon	juroots
2025-12-12 06:30	http://telegka.top/oh12manymarty	Raccoon	c2 raccoon	juroots
2025-12-12 06:29	gugugulol.kenkejai.com	Mirai	c2 Mirai	juroots
2025-12-12 06:29	195.85.207.132:1337	DCRat	c2 dcrat	juroots
2025-12-12 06:29	google.motchilltv.red	DCRat	c2 dcrat	juroots
2025-12-12 06:29	sarefy07.top	CryptBot	c2 cryptbot	juroots
2025-12-12 06:29	sarjeb09.top	CryptBot	c2 cryptbot	juroots
2025-12-12 06:29	damysa10.top	CryptBot	c2 cryptbot	juroots
2025-12-12 06:28	http://knuywu58.top/index.php	CryptBot	c2 cryptbot	juroots
2025-12-12 06:28	http://lysuht78.top/index.php	CryptBot	c2 cryptbot	juroots
2025-12-12 06:28	http://morisc07.top/index.php	CryptBot	c2 cryptbot	juroots
2025-12-12 06:28	http://morjeo05.top/index.php	CryptBot	c2 cryptbot	juroots
2025-12-12 06:28	http://morwye06.top/index.php	CryptBot	c2 cryptbot	juroots
2025-12-12 06:28	http://knumfl68.top/index.php	CryptBot	c2 cryptbot	juroots
2025-12-12 06:28	http://sarefy07.top/download.php?file=lv.exe	CryptBot	cryptbot	juroots
2025-12-12 06:28	http://sarjeb09.top/download.php?file=lv.exe	CryptBot	cryptbot	juroots
2025-12-12 06:28	http://damysa10.top/download.php?file=lv.exe	CryptBot	cryptbot	juroots
2025-12-12 06:26	eia.dr1ftshade.ru	ClearFake	ClearFake	Anonymous
2025-12-12 06:18	ebsk.dr1ftshade.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 06:07	range.dr1ftshade.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 06:03	malware.quality.it.com	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2025-12-12 06:03	quality.it.com	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2025-12-12 06:02	malware.medcom.it.com	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2025-12-12 06:02	medcom.it.com	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2025-12-12 06:02	91.202.233.215:2404	Remcos	AS200593 c2 RAT remcos triage	DonPasci
2025-12-12 06:02	mariajose12.duckdns.org	Remcos	c2 domain RAT remcos triage	DonPasci
2025-12-12 06:02	halahtyb-45632.portmap.host	XWorm	c2 domain triage XWorm	DonPasci
2025-12-12 06:02	halahtyb-41206.portmap.host	XWorm	c2 domain triage XWorm	DonPasci
2025-12-12 05:55	xew2z.dr1ftshade.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 05:41	wave.skyf1eld.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 05:36	x93.skyf1eld.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 05:27	6rpmj.skyf1eld.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 05:19	beta.skyf1eld.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 05:17	r8x.l1ghtshore.ru	ClearFake	ClearFake	Anonymous
2025-12-12 05:07	omega.l1ghtshore.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 04:57	cr.l1ghtshore.ru	ClearFake	ClearFake	threatcat_ch
2025-12-12 04:48	p1fb9.l1ghtshore.ru	ClearFake	ClearFake	threatcat_ch