ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


326

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'693'370

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2026-02-09 17:14http://191.252.214.115/matrix/inspecionando.php MetamorfoMetamorfo abuse_ch
2026-02-09 17:14http://191.252.214.115/ouro/inspecionando.php MetamorfoMetamorfo abuse_ch
2025-12-03 07:14midiavideostv.click Metamorfo Gi7w0rm
2025-12-03 07:14cargafactura.life Metamorfo Gi7w0rm
2025-12-03 07:14url27.shop Metamorfo Gi7w0rm
2025-12-03 07:14adbd.tech Metamorfo Gi7w0rm
2025-12-03 07:14facturas.co.in Metamorfo Gi7w0rm
2025-12-03 07:14archivosdwn.cloud Metamorfo Gi7w0rm
2025-12-03 07:14cfdimex.cloud Metamorfo Gi7w0rm
2025-12-03 07:14facturacioncontable.com Metamorfo Gi7w0rm
2025-12-03 07:14facturasm.cloud Metamorfo Gi7w0rm
2025-12-03 07:14facturasmex.cloud Metamorfo Gi7w0rm
2025-12-03 07:14satventasfac.tech Metamorfo Gi7w0rm
2025-12-03 07:14starlinkspacex.com.br Metamorfo Gi7w0rm
2025-12-03 07:14ventasmex123.com.mx Metamorfo Gi7w0rm
2025-12-03 07:14salvec.tech Metamorfo Gi7w0rm
2025-12-03 07:14archivesautomacion.ddns.net Metamorfo Gi7w0rm
2025-11-16 16:01149.28.108.157:56789 MetamorfoAS-VULTR AS20473 c2 Casbaneiro Metamorfo DonPasci
2025-02-22 07:23http://185.101.93.72/14840646743032CDBOX/14840646743032CDBOX.php Metamorfo abuse_ch
2024-09-06 11:393.145.213.63:80 MetamorfoCasbaneiro Metamorfo abuse_ch
2024-09-06 11:39http://3.145.213.63/contador/serv.php MetamorfoCasbaneiro Metamorfo abuse_ch
2024-06-24 17:1410b2c1b4e596f3696fc3c90b7673eb3c Metamorfo Grim
2024-06-24 17:140bf0eb3822fb47e07d7beabb6f5f8e8d5c76b94ca70bfe379fe0a8b092c8517f Metamorfo Grim
2024-06-24 17:144aed7d18ba7ffb65cf00cdc7e5358040315b5a37 Metamorfo Grim
2023-08-28 09:59fnfactura.cfd MetamorfoMetamorfo abuse_ch
2022-10-20 17:2887254ddf2faa8abecee4c4b8985771a6a858632532868ac5032c0e8fffdea51a Metamorfo Virus_Deck
2022-02-09 14:51loa3.go.dyndns.org MetamorfoBRA geo Metamorfo abuse_ch
2022-02-09 14:49compras2022.homelinux.com MetamorfoBRA geo Metamorfo abuse_ch
2022-02-09 14:49voldaniela.duckdns.org MetamorfoBRA geo Metamorfo abuse_ch
2022-02-09 14:48loa2.kicks-ass.net MetamorfoBRA geo Metamorfo abuse_ch
2022-02-09 14:41http://13.58.89.178/contador/serv.php MetamorfoBRA geo Metamorfo abuse_ch
2022-02-09 09:0918.222.122.216:80 MetamorfoBRA geo Metamorfo abuse_ch
2022-02-09 09:08http://18.222.122.216/Contador/serv.php MetamorfoBRA geo Metamorfo abuse_ch
2022-02-09 09:08http://18.222.122.216/NvCont/serv.php MetamorfoBRA geo Metamorfo abuse_ch
2021-11-19 06:04mod.solidez.top MetamorfoMetamorfo abuse_ch
2021-11-19 06:04solidez.top MetamorfoMetamorfo abuse_ch
2021-10-25 15:4120.206.126.228:55516 Metamorfobanload Culebra mekotio Metamorfo msi AndreGironda
2021-10-14 17:55infodatt.com MetamorfoMetamorfo abuse_ch
2021-10-13 16:43http://bcorvo.com/cookieDatabase/ MetamorfoMetamorfo abuse_ch
2021-10-13 16:42bcorvo.com MetamorfoMetamorfo abuse_ch
2021-10-05 16:14chacaranggtanovoaurhj.com MetamorfoMetamorfo abuse_ch