ThreatFox IOC Database

You are browsing the Indicator Of Compromise (IOC) database of ThreatFox. If you would like to contribute IOCs to the corpus, you can do so through either the web form or the API.


IOCs shared (past 24 hours): 513

Most seen malware family (past 24 hours): ClearFake

IOCs in corpus: 1'689'026


Using the form below, you can search for malware samples by a hash (MD5, SHA256, SHA1), imphash, tlsh hash, ClamAV signature, tag or malware family.

Browse Database


Search syntax is as follows: keyword:search_term

The following is a list of accepted keywords, each with an example search_term:

  • ioc:ms-debug-services.com
  • malware:CobaltStrike
  • tag:TA505
  • threat_type:cc_skimming
  • uuid:87f310f3-540b-11eb-922c-42010aa4000a

Date (UTC) | IOC | Malware | Tags | Reporter