ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpuse, you can do so through either the web form or the API.


513

IOCs shared (past 24 hours)

ClearFake

Most seen malware family (past 24 hours)

1'689'026

IOCs in corpus


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database

Search syntax is as follow: keyword:search_term

Following is a list of accepted keywords along with an example search_term

  • ioc:ms-debug-services.com ( run)
  • malware:CobaltStrike ( run)
  • tag:TA505 ( run)
  • threat_type:cc_skimming ( run)
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a ( run)

Date (UTC)IOCMalwareTagsReporter
2025-08-08 09:3894.98.188.251:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-07-31 09:2537.106.36.106:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-07-23 13:39145.82.183.176:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-07-15 11:0637.107.173.213:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-07-14 14:1594.99.102.103:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-07-01 06:1794.98.222.175:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-06-09 08:4337.106.35.42:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-06-04 07:4337.106.35.252:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-06-01 07:2337.107.171.53:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-05-07 09:5194.98.211.222:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-04-29 07:0094.98.218.137:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-02-25 14:3494.98.194.15:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-01-15 07:0394.98.225.30:3460 Poison Ivyc2 poison_ivy shodan juroots
2025-01-03 12:0794.98.226.122:3460 Poison Ivyc2 poison_ivy shodan juroots
2024-08-03 16:2294.98.190.50:3460 Poison Ivyc2 poison_ivy malpulse
2024-08-03 16:2294.98.238.247:3460 Poison Ivyc2 poison_ivy malpulse
2024-08-03 16:2294.98.205.22:3460 Poison Ivyc2 poison_ivy malpulse
2024-08-03 16:2294.98.183.93:3460 Poison Ivyc2 poison_ivy malpulse
2024-05-13 18:2894.96.101.221:3460 Poison Ivyc2 poison_ivy malpulse
2024-04-28 18:2094.49.189.224:3460 Poison Ivyc2 poison_ivy malpulse
2024-04-22 13:3494.98.233.242:3460 Poison Ivyc2 poison_ivy malpulse
2024-04-22 13:3494.98.235.90:3460 Poison Ivyc2 poison_ivy malpulse
2024-04-10 18:3494.98.197.28:3460 Poison Ivyc2 poison_ivy malpulse
2024-04-07 13:0494.98.185.133:3460 Poison Ivyc2 poison_ivy malpulse
2024-04-02 23:2594.98.181.154:3460 Poison Ivyc2 poison_ivy malpulse
2024-04-02 23:2594.98.186.180:3460 Poison Ivyc2 poison_ivy malpulse
2024-03-03 13:4194.98.194.203:3460 Poison Ivyc2 poison_ivy malpulse
2024-03-03 13:4194.96.157.6:3460 Poison Ivyc2 poison_ivy malpulse
2024-03-03 13:4194.49.180.101:3460 Poison Ivyc2 poison_ivy malpulse
2024-01-29 23:0694.49.176.147:3460 Poison Ivy malpulse
2024-01-27 08:0694.98.179.7:3460 Poison Ivy malpulse
2024-01-18 05:0594.96.102.52:3460 Poison Ivy malpulse
2024-01-16 08:05118.221.65.69:3460 Poison Ivy malpulse
2024-01-01 02:0594.98.244.216:3460 Poison Ivy malpulse
2023-12-27 22:0694.49.168.110:3460 Poison Ivy malpulse
2023-12-22 00:0694.49.185.150:3460 Poison Ivy malpulse
2023-12-10 18:0594.96.132.230:3460 Poison Ivy malpulse
2023-12-08 17:0594.49.178.155:3460 Poison Ivy malpulse
2023-11-25 10:055.153.123.11:3460 Poison Ivy malpulse
2023-11-23 18:0594.98.183.32:3460 Poison Ivy malpulse
2023-11-19 01:0694.98.229.240:3460 Poison Ivy malpulse
2023-11-10 14:0694.49.183.29:3460 Poison Ivy malpulse
2022-10-03 13:10c616002f3cce0fd52d6ead8621a9f1f1 Poison Ivy Virus_Deck