ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.

300

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'626'305

IOCs in corpus

Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

ioc:ms-debug-services.com ( run)
malware:CobaltStrike ( run)
tag:TA505 ( run)
threat_type:cc_skimming ( run)
uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)	IOC	Malware	Tags	Reporter
2026-02-20 09:45	saltwave.oceanprim.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 09:32	bluecurrent.oceanprim.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 09:24	ironclove.bakhkondach.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 09:17	blackroot.bakhkondach.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 09:00	47.76.249.152:447	ValleyRAT	RAT ValleyRAT	abuse_ch
2026-02-20 08:56	darkspice.bakhkondach.in.net	ClearFake	ClearFake	Anonymous
2026-02-20 08:51	95.216.212.8:8888	Sliver	drb-ra sliver	abuse_ch
2026-02-20 08:50	xworm2026.ddns.net	XWorm	XWorm	abuse_ch
2026-02-20 08:47	185.180.198.3:2025	RansomHub	drb-ra RansomHub	abuse_ch
2026-02-20 08:47	185.180.198.3:443	RansomHub	drb-ra RansomHub	abuse_ch
2026-02-20 08:46	167.172.199.123:443	Sliver	drb-ra sliver	abuse_ch
2026-02-20 08:46	167.172.199.123:8888	Sliver	drb-ra sliver	abuse_ch
2026-02-20 08:46	163.181.208.79:4506	DeimosC2	Deimos drb-ra	abuse_ch
2026-02-20 08:44	13.248.136.191:443	DeimosC2	Deimos drb-ra	abuse_ch
2026-02-20 08:44	firecharge.highexplos.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 08:37	shockflare.highexplos.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 08:30	blastzone.highexplos.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 08:10	rockpanel.flatdon.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 08:03	plainforge.flatdon.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 08:02	168.245.203.186:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 08:02	103.177.47.207:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 08:02	103.177.47.174:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 08:02	3.107.169.157:2	Meterpreter	AMAZON-02 AS16509 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 08:01	104.223.84.7:14646	Remcos	AS-COLOCROSSING AS36352 c2 censys RAT remcos	DonPasci
2026-02-20 08:01	91.92.41.4:5555	Remcos	AS211443 c2 censys RAT remcos SINOWORLDWIDE	DonPasci
2026-02-20 07:51	dustcrate.flatdon.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 07:50	38.46.11.202:1107	ValleyRAT	RAT ValleyRAT	abuse_ch
2026-02-20 07:50	192.163.162.194:447	ValleyRAT	RAT ValleyRAT	abuse_ch
2026-02-20 07:46	193.26.115.60:6000	Remcos	2026 AUTO-REG FEBRERO persistence RAT remcos	Neiki
2026-02-20 07:46	38.49.215.118:8443	PureRAT	collection discovery execution NETREACTOR PureHVNC spyware stealer	Neiki
2026-02-20 07:46	23.94.252.101:7000	XWorm	ARCH-EXEC AUTO-STARTUP discovery NETREACTOR RAT trojan XWorm	Neiki
2026-02-20 07:45	83.142.209.92:11200	PureRAT	discovery NETREACTOR PureHVNC	Neiki
2026-02-20 07:45	https://ainttby.com/6f54.js	KongTuke	Kongtuke	monitorsg
2026-02-20 07:45	ainttby.com	KongTuke	Kongtuke	monitorsg
2026-02-20 07:45	https://ainttby.com/js.php	KongTuke	Kongtuke	monitorsg
2026-02-20 07:45	http://212.85.166.12:22448/.i	Unknown malware	honeypot	greedybear
2026-02-20 07:45	203.192.206.72:1988	AsyncRAT	asyncrat Default discovery NETREACTOR PROTECTOR RAT	Neiki
2026-02-20 07:45	193.124.250.110:8080	XWorm	defense_evasion RAT trojan XWorm	Neiki
2026-02-20 07:45	172.94.111.65:8098	Remcos	discovery RAT remcos REMOTEHOST	Neiki
2026-02-20 07:45	5.101.86.26:49274	Remcos	discovery EXCESSMONEY RAT remcos	Neiki
2026-02-20 07:45	excessmon001.duckdns.org	Remcos	discovery EXCESSMONEY RAT remcos	Neiki
2026-02-20 07:45	x1edaroughgan8hajous20.duckdns.org	Remcos	LAST RAT remcos	Neiki
2026-02-20 07:45	x1edaroughgan8hajous30.duckdns.org	Remcos	LAST RAT remcos	Neiki
2026-02-20 07:45	x1edaroughgan8hajous40.duckdns.org	Remcos	LAST RAT remcos	Neiki
2026-02-20 07:45	https://89.58.25.125/	Unknown malware	ClickFix	CarsonWilliams
2026-02-20 07:45	cygnusn.cyou	Lumma Stealer	domain Lumma Lumma Stealer stealer	RacWatchin8872
2026-02-20 07:45	khantym.cyou	Lumma Stealer	domain Lumma Lumma Stealer stealer	RacWatchin8872
2026-02-20 07:45	salivae.cyou	Lumma Stealer	domain Lumma Lumma Stealer stealer	RacWatchin8872
2026-02-20 07:45	swederq.cyou	Lumma Stealer	domain Lumma Lumma Stealer stealer	RacWatchin8872
2026-02-20 07:45	transpd.cyou	Lumma Stealer	domain Lumma Lumma Stealer stealer	RacWatchin8872
2026-02-20 07:45	tributj.cyou	Lumma Stealer	domain Lumma Lumma Stealer stealer	RacWatchin8872
2026-02-20 07:44	intranet.milnetstresser.ru	Mirai	botnet defense_evasion discovery linux Mirai owari	Neiki
2026-02-20 07:44	87.121.84.58:8080	Mirai	Mirai	elfdigest
2026-02-20 07:43	87.121.84.58:2901	Mirai	Mirai	seckle
2026-02-20 07:43	146.70.51.74:2712	DCRat	AMSI-BYPASS asyncrat dcrat discovery NEWR2712 RAT	Neiki
2026-02-20 07:43	3.127.59.75:11637	NjRAT	?????? AUTO-STARTUP defense_evasion discovery njrat persistence RAT	Neiki
2026-02-20 07:43	193.161.193.99:64601	XWorm	RAT trojan XWorm	Neiki
2026-02-20 07:43	http://198.46.147.169:8888/supershell/login/	Unknown malware	AS36352 HostPapa Supershell	antiphishorg
2026-02-20 07:42	heattrail.agrahurry.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 07:27	rushgrain.agrahurry.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 07:17	speedcargo.agrahurry.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 07:09	81.68.89.216:8088	Cobalt Strike	CobaltStrike cs-watermark-987654321	abuse_ch
2026-02-20 07:00	221.229.53.161:10001	Xtreme RAT	AS146966 c2 censys RAT	dyingbreeds_
2026-02-20 06:52	wildhorn.goatbreed.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 06:36	stonegraze.goatbreed.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 06:34	share2e2git.autos	Unknown Stealer	c2 domain MacSync stealer VirusTotal	DonPasci
2026-02-20 06:30	stormfield.goatbreed.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 06:28	horsten.fun	Unknown Stealer	c2 domain MacSync stealer VirusTotal	DonPasci
2026-02-20 06:23	rocketmoll.com	Unknown Stealer	c2 domain MacSync stealer VirusTotal	DonPasci
2026-02-20 06:22	argoflyleens.city	Unknown Stealer	c2 domain MacSync stealer VirusTotal	DonPasci
2026-02-20 06:19	elfrodbloom.city	Unknown Stealer	c2 domain MacSync stealer VirusTotal	DonPasci
2026-02-20 06:07	159.26.100.159:59476	Nanocore RAT	AS208172 c2 NanoCore RAT triage	DonPasci
2026-02-20 06:05	bluepoint.northlake.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 06:02	shroudcloud.ru.com	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2026-02-20 06:02	kishlay.in.net	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2026-02-20 06:02	hpandroid2025.jp.net	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2026-02-20 05:50	icefront.northlake.in.net	ClearFake	ClearFake	Anonymous
2026-02-20 05:39	coldwater.northlake.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 05:24	northshore.northlake.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 05:20	165.227.177.122:1177	NjRAT	njrat	abuse_ch
2026-02-20 04:46	westwave.westlake.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 04:02	168.245.203.199:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 04:02	168.245.203.224:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 04:02	168.245.203.51:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 04:02	168.245.203.231:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 04:01	94.242.52.160:445	Havoc	AS43317 c2 censys Havoc VEESP-AS	DonPasci
2026-02-20 03:36	coolsurf.westlake.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 03:32	deepblue.westlake.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 02:32	waterfront.westlake.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 02:20	greenpath.deepwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 02:13	wildleaf.deepwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 02:03	darktimber.deepwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 01:35	deeproot.deepwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 01:27	redcore.redwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 01:20	tallbranch.redwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 01:06	oldroot.redwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:57	strongleaf.redwood.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:49	silentnode.darkmoon.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:41	hiddenside.darkmoon.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:34	blackorbit.darkmoon.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:29	shadowphase.darkmoon.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:23	goldtrace.goldwind.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:17	fastglow.goldwind.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:11	shineflow.goldwind.in.net	ClearFake	ClearFake	Anonymous
2026-02-20 00:07	warmbreeze.goldwind.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:02	heavynode.ironwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-20 00:02	138.197.196.147:80	Empire Downloader	AS14061 c2 censys DIGITALOCEAN-ASN PowershellEmpire	DonPasci
2026-02-20 00:02	15.216.95.47:2701	Meterpreter	AMAZON-02 AS16509 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2026-02-20 00:01	91.92.243.47:4449	Venom RAT	AS202412 c2 censys OMEGATECH-AS RAT Venom	DonPasci
2026-02-20 00:01	bkn-connects.com	Havoc	AS13335 c2 censys CLOUDFLARENET Havoc	DonPasci
2026-02-20 00:01	89.40.206.98:2050	Remcos	AS9009 c2 censys M247 RAT remcos	DonPasci
2026-02-19 23:50	powerlink.ironwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 23:34	hardflow.ironwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 23:29	steelsync.ironwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 23:04	coldbeam.coolstar.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 23:00	209.74.82.76:3333	Unknown malware	AS22612 censys EvilGoPhish phishing	dyingbreeds_
2026-02-19 23:00	3.85.107.177:8443	Havoc	AS14618 c2 censys	dyingbreeds_
2026-02-19 23:00	3.148.25.195:80	Havoc	AS16509 c2 censys	dyingbreeds_
2026-02-19 23:00	75.119.151.20:80	Havoc	AS51167 c2 censys CONTABO	dyingbreeds_
2026-02-19 23:00	bkn-partr.com	Havoc	AS13335 c2 censys	dyingbreeds_
2026-02-19 23:00	juandaza2025pu.camdvr.org	Remcos	remcos	dyingbreeds_
2026-02-19 23:00	16.58.121.239:443	Unknown malware	AS16509 c2 censys Mythic	dyingbreeds_
2026-02-19 23:00	manager.3utilities.com	Remcos	remcos	dyingbreeds_
2026-02-19 23:00	165.232.45.1:8088	AsyncRAT	AS14061 c2 censys RAT	dyingbreeds_
2026-02-19 23:00	155.138.162.127:443	Sliver	AS20473 c2 censys	dyingbreeds_
2026-02-19 23:00	154.219.97.206:5758	Ghost RAT	AS401701 c2 censys RAT	dyingbreeds_
2026-02-19 23:00	154.219.97.142:5758	Ghost RAT	AS401701 c2 censys RAT	dyingbreeds_
2026-02-19 23:00	154.219.97.70:5758	Ghost RAT	AS401701 c2 censys RAT	dyingbreeds_
2026-02-19 22:46	spaceview.coolstar.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 22:40	y5d9oidj.blue128cinder.digital	ClearFake	ClearFake	Anonymous
2026-02-19 22:39	423vlwlb.blue128cinder.digital	ClearFake	ClearFake	threatcat_ch
2026-02-19 22:39	brightpoint.coolstar.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 22:25	lightcore.coolstar.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 22:16	leadpulse.bluewolf.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 22:09	nightrun.bluewolf.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 21:56	bluehunt.bluewolf.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 21:45	forestnode.graywolf.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 21:39	greytrack.graywolf.in.net	ClearFake	ClearFake	Anonymous
2026-02-19 21:34	wildstep.graywolf.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 21:24	huntpack.graywolf.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 21:14	176.108.250.50:443	Cobalt Strike	Earth Baxia	Rony
2026-02-19 20:41	spacecore.brightstar.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 20:33	lightbeam.brightstar.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 20:18	northgale.coldwind.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 20:07	snowtrack.coldwind.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 20:05	156.225.19.99:2324	ValleyRAT	valleyrat_s2	abuse_ch
2026-02-19 20:03	winterblast.coldwind.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 20:02	89.58.25.125:443	Unknown malware	AS197540 c2 censys ClickFix first-stage NETCUP-AS	DonPasci
2026-02-19 20:02	54.91.209.10:16930	Meterpreter	AMAZON-AES AS14618 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2026-02-19 20:02	51.92.40.130:1234	Meterpreter	AMAZON-02 AS16509 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2026-02-19 20:02	51.84.9.169:9999	Meterpreter	AMAZON-02 AS16509 c2 censys hacktool MetaSploit Meterpreter	DonPasci
2026-02-19 20:01	18.236.192.145:80	Havoc	AMAZON-02 AS16509 c2 censys Havoc	DonPasci
2026-02-19 20:01	3.140.254.73:443	Havoc	AMAZON-02 AS16509 c2 censys Havoc	DonPasci
2026-02-19 20:01	178.236.252.109:3000	Unknown malware	AS215826 c2 censys Mythic PARTNER-HOSTING-LTD	DonPasci
2026-02-19 20:01	20.39.130.27:443	Unknown malware	AS8075 c2 censys MICROSOFT-CORP-MSN-AS-BLOCK Mythic	DonPasci
2026-02-19 20:01	155.117.40.221:443	Unknown malware	AS32097 c2 censys Mythic WII	DonPasci
2026-02-19 20:01	3.148.25.195:7443	Unknown malware	AMAZON-02 AS16509 c2 censys Mythic	DonPasci
2026-02-19 20:01	159.203.79.29:443	Sliver	AS14061 c2 censys DIGITALOCEAN-ASN sliver	DonPasci
2026-02-19 20:01	18.221.223.195:443	Sliver	AMAZON-02 AS16509 c2 censys sliver	DonPasci
2026-02-19 20:01	87.106.187.97:443	Sliver	AS8560 c2 censys IONOS-AS sliver	DonPasci
2026-02-19 20:01	181.235.2.89:2404	Remcos	AS3816 c2 censys COLOMBIA RAT remcos	DonPasci
2026-02-19 20:01	192.227.219.80:2404	Remcos	AS-COLOCROSSING AS36352 c2 censys RAT remcos	DonPasci
2026-02-19 19:53	freezepoint.coldwind.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 19:44	coalbase.firepath.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 19:29	glowtrace.firepath.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 19:25	95.85.239.201:443	NetSupportManager RAT	NetSupport	abuse_ch
2026-02-19 19:22	ashcloud.firepath.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 19:09	hotstone.firepath.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 19:05	saltreef.deepwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 19:00	107.189.27.83:8443	Havoc	AS14956 c2 censys	dyingbreeds_
2026-02-19 19:00	44.198.60.243:443	Havoc	AS14618 c2 censys	dyingbreeds_
2026-02-19 18:58	178.236.252.109:7443	Unknown malware	drb-ra Mythic	abuse_ch
2026-02-19 18:51	149.28.151.106:8888	Sliver	drb-ra sliver	abuse_ch
2026-02-19 18:50	seacurrent.deepwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 18:46	117.187.252.19:10250	DeimosC2	Deimos drb-ra	abuse_ch
2026-02-19 18:14	darkwater.deepwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 18:05	95.156.205.13:55575	SpyNote	Android AS57169 c2 Spynote triage	DonPasci
2026-02-19 18:04	178.116.38.74:1912	RedLine Stealer	AS6848 c2 RedLine RedLineStealer stealer triage	DonPasci
2026-02-19 18:02	92lottery.coach	AsyncRAT	asyncrat c2 domain RAT triage	DonPasci
2026-02-19 18:01	172.86.68.38:28886	VShell	AS14956 c2 ROUTERHOSTING VirusTotal Vshell	DonPasci
2026-02-19 18:01	blueocean.deepwave.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 18:01	103.83.86.162:1985	XWorm	AS44382 c2 triage XWorm	DonPasci
2026-02-19 18:00	119.45.214.169:8443	VShell	AS45090 c2 TENCENT-NET-AP VirusTotal Vshell	DonPasci
2026-02-19 17:58	39.101.174.60:8084	VShell	ALIBABA-CN-NET AS37963 c2 VirusTotal Vshell	DonPasci
2026-02-19 17:49	softmist.skyrain.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 17:38	clearair.skyrain.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 17:28	highwind.skyrain.in.net	ClearFake	ClearFake	Anonymous
2026-02-19 17:12	bluecloud.skyrain.in.net	ClearFake	ClearFake	threatcat_ch
2026-02-19 17:05	195.177.94.71:4000	Loda	Loda	abuse_ch
2026-02-19 17:05	136.0.157.17:9304	Quasar RAT	QuasarRAT RAT	abuse_ch
2026-02-19 16:54	globalfruit.kiwi9ship3.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 16:38	portside.kiwi9ship3.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 16:32	oceanbird.kiwi9ship3.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 16:07	kiwitransit.kiwi9ship3.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 16:04	stockhub.box671plum.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 16:02	15.229.32.243:1234	AdaptixC2	AdaptixC2 AMAZON-02 AS16509 c2 censys	DonPasci
2026-02-19 16:01	69.5.189.249:7701	Remcos	AS42624 c2 censys RAT remcos SWISSNETWORK02	DonPasci
2026-02-19 15:34	blueplum.box671plum.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 15:27	heavybox.box671plum.coupons	ClearFake	ClearFake	Anonymous
2026-02-19 15:03	193.161.193.99:63603	XWorm	XWorm	dyingbreeds_
2026-02-19 15:03	37.4.250.173:63603	XWorm	XWorm	dyingbreeds_
2026-02-19 15:02	plumfield.box671plum.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 15:01	103.109.234.117:4782	Quasar RAT	quasar	dyingbreeds_
2026-02-19 15:01	vnwns-188-163-102-33.a.free.pinggy.link	Quasar RAT	quasar	dyingbreeds_
2026-02-19 15:01	www.lighter500.com	Remcos	remcos	dyingbreeds_
2026-02-19 15:00	89.125.50.65:7443	Unknown malware	AS212477 c2 censys Mythic ROYALE-AS	dyingbreeds_
2026-02-19 15:00	149.28.151.106:443	Sliver	AS20473 c2 censys	dyingbreeds_
2026-02-19 15:00	abnewszamanpaper72.sa.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 15:00	p-93kketo.ru.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 14:57	boxflow.fig08box.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 14:45	megafilehub2.baby	Unknown Stealer	c2 domain MacSync stealer	DonPasci
2026-02-19 14:45	megafilehub3.baby	Unknown Stealer	c2 domain MacSync stealer	DonPasci
2026-02-19 14:45	megafilehub4.baby	Unknown Stealer	c2 domain MacSync stealer	DonPasci
2026-02-19 14:41	freshfig.fig08box.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 14:39	5.230.159.62:7000	XWorm	AS12586 ASGHOSTNET c2 XWorm	DonPasci
2026-02-19 14:39	20.234.151.26:6000	XWorm	AS8075 c2 MICROSOFT-CORP-MSN-AS-BLOCK XWorm	DonPasci
2026-02-19 14:39	45.61.149.192:6000	XWorm	AS14956 c2 ROUTERHOSTING XWorm	DonPasci
2026-02-19 14:39	45.137.98.189:6666	XWorm	AS49581 c2 FERDINANDZINK XWorm	DonPasci
2026-02-19 14:39	45.141.26.201:6000	XWorm	AS142299 c2 CLOUDFORESTCOLTD-AS-AP XWorm	DonPasci
2026-02-19 14:39	82.26.104.128:6000	XWorm	AS63989 c2 DE-CORP XWorm	DonPasci
2026-02-19 14:39	91.208.197.30:1605	XWorm	ALEXHOST AS200019 c2 XWorm	DonPasci
2026-02-19 14:36	kys.li	Unknown Stealer	c2 domain phexia stealer	DonPasci
2026-02-19 14:35	virtualspeechtherapists.com	Unknown Stealer	c2 domain MacSync stealer	DonPasci
2026-02-19 14:35	megafilehub1.baby	Unknown Stealer	c2 domain MacSync stealer	DonPasci
2026-02-19 14:31	103.163.219.252:7000	XWorm	AS140787 c2 LAMA-AS-VN XWorm	DonPasci
2026-02-19 14:31	141.11.213.91:8282	XWorm	AS212477 c2 ROYALE-AS XWorm	DonPasci
2026-02-19 14:31	147.45.45.110:7777	XWorm	AS215826 c2 PARTNER-HOSTING-LTD XWorm	DonPasci
2026-02-19 14:31	193.233.113.137:7000	XWorm	AS215826 c2 PARTNER-HOSTING-LTD XWorm	DonPasci
2026-02-19 14:30	134.122.152.135:7000	XWorm	AS152194 c2 CTGSERVERLIMITED-AS-AP XWorm	DonPasci
2026-02-19 14:30	134.122.154.171:7000	XWorm	AS152194 c2 CTGSERVERLIMITED-AS-AP XWorm	DonPasci
2026-02-19 14:30	202.95.17.184:7000	XWorm	AS152194 c2 CTGSERVERLIMITED-AS-AP XWorm	DonPasci
2026-02-19 14:30	202.95.18.16:7000	XWorm	AS152194 c2 CTGSERVERLIMITED-AS-AP XWorm	DonPasci
2026-02-19 14:30	134.122.140.89:7000	XWorm	AS152194 c2 CTGSERVERLIMITED-AS-AP XWorm	DonPasci
2026-02-19 14:20	smallbox.fig08box.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 14:16	figbranch.fig08box.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 14:08	coalpoint.darkfire.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 13:57	smoketrace.darkfire.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 13:54	hotelement.darkfire.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 13:19	sys-kernel-update.to	XOR DDoS	xorddos	abuse_ch
2026-02-19 13:19	telemetry-pipe.sh	XOR DDoS	xorddos	abuse_ch
2026-02-19 13:18	blackfire.darkfire.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 13:17	velvet-parrot.com	SantaStealer	c2 SantaStealer	burger
2026-02-19 13:17	api-metadata-v6.is	XOR DDoS	ANTIVM botnet discovery Downloader execution linux persistence xorddos	Neiki
2026-02-19 13:16	213.152.161.162:5103	XWorm	AMSI-BYPASS AUTO-REG persistence RAT trojan XWorm	Neiki
2026-02-19 13:16	https://trofeyincs.top/login/middleware-json.php	SmartApeSG	SmartApeSG	monitorsg
2026-02-19 13:16	trofeyincs.top	SmartApeSG	SmartApeSG	monitorsg
2026-02-19 13:16	https://trofeyincs.top/login/auth-response.js	SmartApeSG	SmartApeSG	monitorsg
2026-02-19 13:16	https://trombolistic.com/111-file-r	SmartApeSG	SmartApeSG	monitorsg
2026-02-19 13:16	https://79.141.163.163/320-zip	SmartApeSG	SmartApeSG	monitorsg
2026-02-19 13:10	farmfresh.pear7pack.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 13:05	goldpack.pear7pack.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 12:50	pizzashop.kozow.com	AsyncRAT	asyncrat	abuse_ch
2026-02-19 12:50	brotherspizza.kozow.com	AsyncRAT	asyncrat	abuse_ch
2026-02-19 12:47	sweetfruit.pear7pack.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 12:23	pearline.pear7pack.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 12:11	stormtrack.westwind.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 12:02	168.245.203.52:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-19 12:02	168.245.203.54:3790	Meterpreter	AS58580 c2 censys FASTRACK hacktool MetaSploit Meterpreter	DonPasci
2026-02-19 12:02	65.87.7.237:8888	AdaptixC2	AdaptixC2 AS215659 c2 censys MOEMOEKYUN	DonPasci
2026-02-19 12:02	80.71.235.24:8888	AdaptixC2	AdaptixC2 AS211673 c2 censys MYNYMBOX	DonPasci
2026-02-19 12:02	94.237.58.158:8000	MimiKatz	AS202053 c2 censys hacktool Mimikatz open-dir UPCLOUD	DonPasci
2026-02-19 12:01	178.16.53.96:888	Remcos	AS202412 c2 censys OMEGATECH-AS RAT remcos	DonPasci
2026-02-19 11:54	172.94.100.227:29811	Remcos	discovery LAST RAT remcos	Neiki
2026-02-19 11:54	apiv4.frostapi.com	Unknown Stealer	c2 FrostStealer	burger
2026-02-19 11:39	openfield.westwind.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 11:16	strongblow.westwind.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 11:07	westcoast.westwind.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 11:03	bra.gadgetwalabd.com	Vidar	Vidar	crep1x
2026-02-19 11:03	bra.alpinematters.com	Vidar	Vidar	crep1x
2026-02-19 11:03	https://bra.alpinematters.com/	Vidar	Vidar	crep1x
2026-02-19 11:03	https://bra.gadgetwalabd.com/	Vidar	Vidar	crep1x
2026-02-19 11:02	dawdawf-45472.portmap.host	XWorm	XWorm	dyingbreeds_
2026-02-19 11:00	223.109.90.98:10001	Xtreme RAT	AS56046 c2 censys RAT	dyingbreeds_
2026-02-19 11:00	183.2.143.61:43350	Xtreme RAT	AS4134 c2 censys RAT	dyingbreeds_
2026-02-19 11:00	183.2.143.61:10001	Xtreme RAT	AS4134 c2 censys RAT	dyingbreeds_
2026-02-19 11:00	62.102.148.154:3066	Remcos	remcos	dyingbreeds_
2026-02-19 11:00	daroughgan1.com	Remcos	remcos	dyingbreeds_
2026-02-19 11:00	daroughgan8hajous30.duckdns.org	Remcos	remcos	dyingbreeds_
2026-02-19 11:00	daroughgan8hajous40.duckdns.org	Remcos	remcos	dyingbreeds_
2026-02-19 11:00	daroughgan8hajous50.duckdns.org	Remcos	remcos	dyingbreeds_
2026-02-19 11:00	83.228.224.244:7443	Unknown malware	AS29222 c2 censys INFOMANIAK-AS Mythic	dyingbreeds_
2026-02-19 11:00	158.94.210.95:6606	AsyncRAT	AS202412 c2 censys OMEGATECH-AS RAT	dyingbreeds_
2026-02-19 11:00	789f.br.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 11:00	bertran.ru.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 11:00	frunglewump.gb.net	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 11:00	hcolaba.ru.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 11:00	wwn.uk.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 11:00	hg0088.co.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 11:00	wsc.in.net	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 11:00	colaba.ru.com	AsyncRAT	asyncrat	dyingbreeds_
2026-02-19 10:56	skyline.ship46kiwi.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 10:45	fastkiwi.ship46kiwi.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 10:22	greenbird.ship46kiwi.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 10:15	kiwitalk.ship46kiwi.coupons	ClearFake	ClearFake	threatcat_ch
2026-02-19 10:09	138.199.59.6:60736	Remcos	2026 collection defense_evasion discovery execution RAT remcos SUSP-POWERSHELL	Neiki
2026-02-19 10:09	fastpack.ship48mint.coupons	ClearFake	19February2026 ClearFake Commandline Windows	Gi7w0rm