ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


216

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'692'429

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2026-01-19 23:00143.47.190.197:443 OctopusAS31898 c2 censys ORACLE-BMC-31898 dyingbreeds_
2025-11-30 11:2052.194.231.205:443 OctopusAMAZON-02 AS16509 c2 censys dyingbreeds_
2025-11-29 13:4452.194.231.205:80 OctopusAMAZON-02 AS16509 c2 censys dyingbreeds_
2025-11-07 11:0152.195.10.170:80 OctopusAMAZON-02 AS16509 c2 censys dyingbreeds_
2025-07-03 04:01195.20.17.189:8080 OctopusAS62005 BV-EU-AS c2 censys dyingbreeds_
2025-05-28 05:3134.70.101.232:80 OctopusAS396982 c2 censys GOOGLE-CLOUD-PLATFORM dyingbreeds_
2025-02-11 06:24121.40.17.177:8081 OctopusAS37963 c2 censys dyingbreeds_
2025-02-05 06:4374.226.247.135:80 OctopusAS8075 c2 censys MICROSOFT-CORP-MSN-AS-BLOCK dyingbreeds_
2024-12-18 06:3289.168.124.112:443 OctopusAS31898 c2 censys ORACLE-BMC-31898 dyingbreeds_
2024-12-06 08:5413.231.202.34:80 OctopusAMAZON-02 AS16509 c2 censys dyingbreeds_
2024-02-06 14:46174.138.56.147:8080 OctopusAS14061 c2 censys DIGITALOCEAN-ASN thehappydinoa
2024-01-10 14:04164.92.250.55:443 Octopusc2 censys DIGITALOCEAN-ASN thehappydinoa
2024-01-04 04:1165.108.17.222:8080 Octopusc2 censys HETZNER-AS thehappydinoa
2023-12-20 20:57130.61.242.29:443 Octopusc2 censys ORACLE-BMC-31898 thehappydinoa
2023-12-11 13:4234.173.57.207:80 Octopusc2 censys GOOGLE-CLOUD-PLATFORM thehappydinoa
2023-12-04 22:31167.99.117.245:8080 Octopusc2 censys DIGITALOCEAN-ASN thehappydinoa
2023-12-04 22:31162.248.161.252:443 Octopusc2 censys DATACITY thehappydinoa
2023-12-04 22:31162.248.161.252:80 Octopusc2 censys DATACITY thehappydinoa
2023-12-04 22:31149.81.87.18:8080 Octopusc2 censys SOFTLAYER thehappydinoa
2023-12-04 22:31149.81.74.207:8080 Octopusc2 censys SOFTLAYER thehappydinoa
2023-12-04 22:31149.81.74.205:8080 Octopusc2 censys SOFTLAYER thehappydinoa
2023-12-04 22:31149.81.74.204:8080 Octopusc2 censys SOFTLAYER thehappydinoa
2023-12-04 22:31149.81.74.206:8080 Octopusc2 censys SOFTLAYER thehappydinoa