Maltrail IOC for 2026-02-24
This report references a Maltrail Indicator of Compromise (IOC) dated 2026-02-24, categorized as malware-related network activity. The information is sourced from the CIRCL OSINT feed and is tagged with medium risk. No specific affected versions, exploits in the wild, or patch information are provided. The IOC appears to be an observation from external OSINT analysis without detailed technical indicators or attack vectors. Given the lack of detailed technical data and absence of known exploits, the threat is assessed as medium severity. Organizations should remain vigilant for suspicious network activity and incorporate this IOC into their threat intelligence monitoring. No direct mitigation patches are available, so defensive measures should focus on network monitoring and anomaly detection. Countries with significant use of network monitoring tools and exposure to malware threats should prioritize awareness. Overall, this is a medium-risk malware-related network threat with limited technical details and no immediate exploit evidence.
AI Analysis
Technical Summary
The provided information describes a Maltrail IOC (Indicator of Compromise) dated February 24, 2026, sourced from the CIRCL OSINT feed. Maltrail is a network traffic detection system that identifies suspicious or malicious network activity by analyzing traffic patterns and known threat indicators. This IOC is categorized under malware and network activity, indicating that it relates to observed malicious network behavior potentially linked to malware infections or communications. The data lacks specific affected software versions, detailed technical indicators such as IP addresses, domain names, or file hashes, and does not report any known exploits in the wild. The absence of patch information suggests that this IOC is observational rather than linked to a specific vulnerability with a remediation path. The tags indicate that this is an unsupervised automated OSINT observation with a medium threat level. The technical details include a UUID and a timestamp but no further actionable intelligence. This suggests the IOC is part of ongoing threat intelligence collection rather than a newly discovered exploit or vulnerability. Organizations receiving this IOC should consider it as a signal to enhance network monitoring and correlate with internal logs to detect potential malware-related network anomalies. Since no direct exploit or vulnerability is identified, the threat is primarily informational but still relevant for proactive defense.
Potential Impact
The potential impact of this threat is medium, primarily affecting the confidentiality and integrity of organizational networks if the malware-related network activity is indicative of ongoing or attempted infections. Without specific exploit details or known active campaigns, the immediate risk of widespread compromise is limited. However, malware-related network activity can lead to data exfiltration, lateral movement within networks, or disruption of services if left undetected. Organizations worldwide that rely on network monitoring and threat intelligence feeds may benefit from incorporating this IOC to detect early signs of compromise. The lack of patch availability means that mitigation depends on detection and response capabilities rather than vulnerability remediation. If ignored, such network activity could enable attackers to maintain persistence or escalate privileges, impacting business operations and data security. The medium severity reflects the balance between the absence of active exploitation and the potential for malware-related harm if the IOC corresponds to real malicious activity.
Mitigation Recommendations
Given the absence of specific patches or exploit details, mitigation should focus on enhancing network detection and response capabilities. Organizations should:
1) Integrate the Maltrail IOC into existing network intrusion detection systems (NIDS) and security information and event management (SIEM) platforms to monitor for related indicators.
2) Conduct thorough network traffic analysis to identify anomalous or suspicious communications that may correlate with the IOC.
3) Employ behavioral analytics to detect unusual patterns that could indicate malware presence or command-and-control activity.
4) Ensure endpoint detection and response (EDR) tools are updated and configured to detect malware-related behaviors.
5) Maintain robust incident response procedures to investigate and contain any detected suspicious activity promptly.
6) Share relevant findings with trusted threat intelligence communities to enhance collective awareness.
7) Regularly update threat intelligence feeds to capture evolving indicators related to this IOC.
These steps go beyond generic advice by emphasizing integration of this specific IOC into detection systems and proactive network behavior analysis.
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Netherlands, Japan, South Korea, Singapore
Indicators of Compromise
- url: https://api.github.com/repos/stamparm/maltrail/commits/e53c50beda89b027b090eed0a98c9445a08327ce
- ip: 151.241.154.119
- url: https://api.github.com/repos/stamparm/maltrail/commits/d4716f94d5df29aefb74947468dbd0c4bd0996fc
- domain: tered.pw
- url: https://api.github.com/repos/stamparm/maltrail/commits/1060b34b043498957ee8024d00fb38fa8d4a119f
- domain: rvtoolc.info
- url: https://api.github.com/repos/stamparm/maltrail/commits/8f99fa593c921ab847d4a87ed524e4cb4546d486
- domain: rvtooli.info
- url: https://api.github.com/repos/stamparm/maltrail/commits/5678302f8a5a9f8db722fd68c4378ea5b5fe497f
- domain: account.booklngg.com
- domain: booklngg.com
- domain: nightlywallet.app
- domain: 59xgjeq2.hexalink.digital
- domain: best.deals.my.id
- domain: brandnew.deals.my.id
- domain: buycheap.deals.my.id
- domain: cheapest.deals.my.id
- domain: deals.my.id
- domain: hexalink.digital
- url: https://api.github.com/repos/stamparm/maltrail/commits/daf13720da4344b799ac1bce73959a260ce00a8a
- domain: filecloudgrid.com
- domain: filecloudzip.com
- domain: filedrivenow.com
- domain: filesharegrid.com
- domain: media.megafilehost.cfd
- domain: megafilehost.baby
- domain: megafilehost.xyz
- url: https://api.github.com/repos/stamparm/maltrail/commits/ade51ff5ba6b3ab47046f82970e5cef3a0b4bda4
- url: https://www.virustotal.com/gui/file/5b2977786f032de4a260fe264d36e4a959927e07d558eff259679afc71e87350/detection
- domain: dc.aartzz.pp.ua
- url: https://api.github.com/repos/stamparm/maltrail/commits/c035cfbce3585cd0fdbbca5aa53e8f1a752de647
- domain: demo.ntl-rto.com
- domain: smscup.ir
- url: https://api.github.com/repos/stamparm/maltrail/commits/b282cf463fb1fb9eca272d304565e5df86876a12
- domain: shift4internal.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/d64a7b76f2a61b088b8e0a986367f1c19c1f2652
- domain: chromium-report-tech-331as-2s1-tcd-h143.chartexaapp-razv.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/3d5b8ecc53c8caa045e2d00448c6cdd4b9c8cbcc
- url: https://www.virustotal.com/gui/file/11d7d19fd9ad0d93b2f78d9d2fe802bd457cd6857a890e874a0a326a617567ac/detection
- ip: 65.21.104.235
- domain: forestoaker.com
- domain: pub-22a8dd26de0749d5b900b711deea554b.r2.dev
- url: https://api.github.com/repos/stamparm/maltrail/commits/24035499341e1bb46723e140fac0780173f5585c
- ip: 143.92.60.24
- url: https://api.github.com/repos/stamparm/maltrail/commits/beec27fc466826454389b9f1f468a1eec0a698aa
- domain: cdhhcehkchddeec.top
- domain: mhlgcebldddbidl.top
- url: https://api.github.com/repos/stamparm/maltrail/commits/c1f22ce7a75a4f216756da51df1cd3c39814adf5
- domain: spacesolutionmac.it.com
- domain: storg.pages.dev
- url: https://api.github.com/repos/stamparm/maltrail/commits/efa04e1f95850cc5a6db30e4ff44ccc642432038
- url: https://www.virustotal.com/gui/ip-address/151.245.121.51/relations
- domain: canvasn.top
- domain: convexm.top
- domain: credil.club
- domain: cygnusn.cyou
- domain: darkbq.club
- domain: genetiz.shop
- domain: iivouw.club
- domain: integri.top
- domain: kaboim.club
- domain: mensare.top
- domain: pageld.club
- domain: parabg.club
- domain: screwd.club
- domain: testdf.club
- domain: thinlpr.buzz
- domain: touchfh.shop
- domain: wipez.top
- url: https://api.github.com/repos/stamparm/maltrail/commits/0c50ef33b161dfbf964a1887b3828b58437af244
- url: https://x.com/smica83/status/2026055656638124417
- url: https://tria.ge/260223-1y111sds7a/behavioral1
- ip: 192.159.99.176
- url: https://api.github.com/repos/stamparm/maltrail/commits/5098133f78daf5c6a3c80eee4c98bcb0fd646e05
- url: https://x.com/smica83/status/2026056412049072213
- domain: heads-resistance-august-sweet.trycloudflare.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/5ec67cc9678a13c2f5cc6479bd191ef1d5e7182d
- url: https://x.com/smica83/status/2025979039614177769
- url: https://x.com/smica83/status/2026038524906975421
- domain: advise-visual-playstation-closer.trycloudflare.com
- domain: registry-memory-defines-obtaining.trycloudflare.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/eed2bf66bac09535f533a7f7c4fd5e11fd55a0f2
- domain: chk.nsetverification.mydns.bz
- domain: cvcmains.dns.army
- domain: ips-edocdeliver.mydns.bz
- domain: navlogin.sev.cvcmains.dns.army
- domain: nid-naverhpk.onthewifi.com
- domain: nid-naverjzc.servehalflife.com
- domain: nid-navermly.servegame.com
- domain: nid-naverohn.3utilities.com
- domain: nid-naverxqh.servecounterstrike.com
- domain: nkdocument-hometax.mydns.bz
- domain: nsetverification.mydns.bz
- domain: nuser-login.ips-edocdeliver.mydns.bz
- domain: sev.cvcmains.dns.army
- url: https://api.github.com/repos/stamparm/maltrail/commits/f0c057f37fef906bfeaf8c85eebc02bcc5133d2a
- url: https://www.virustotal.com/gui/file/b804437ff855bd3fd448d2bf76f47ada7dcee6288d8f0a53d41fd3b1361c4c0d/detection
- domain: vvork-space.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/dbf4930c405e099e546da792cde0bf9210bff734
- url: https://www.virustotal.com/gui/file/0e4780dd90a355c293a08c5607887b95ba4d7d5bffea1a8df92450dfc08934ea/detection
- domain: alphazero1-endscape.cc
- domain: alphazero10-endscape.cc
- domain: alphazero2-endscape.cc
- domain: alphazero3-endscape.cc
- domain: alphazero4-endscape.cc
- domain: alphazero5-endscape.cc
- domain: alphazero6-endscape.cc
- domain: alphazero7-endscape.cc
- domain: alphazero8-endscape.cc
- domain: alphazero9-endscape.cc
- url: https://api.github.com/repos/stamparm/maltrail/commits/5ea1173644e6bd59ebd6d5c49fcc62fef5af1b95
- url: https://x.com/tuckner/status/2026069982493229434
- url: https://annex.security/blog/promise-bomb
- domain: page-guard.com
- domain: pixel-defence.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/24f04eb96c56c6f97f1ed248dd1f8f82fc85040c
- url: https://x.com/malwrhunterteam/status/2026251417372049675
- url: https://www.virustotal.com/gui/file/73ae9fe72b3340b95e7187cd51de3b7476cfb84aa20b9903cfaff4f1c96a3e01/detection
- domain: streamcdn.click
- url: https://api.github.com/repos/stamparm/maltrail/commits/2d39fd81500e67b0a26081813c5bb8f46cffe31e
- url: https://www.virustotal.com/gui/ip-address/38.180.80.50/relations
- domain: javascripttestlibrary.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/b3fa70ad54a979c37f8c2de4bf0b6934d0000a24
- domain: chatliveapp.com
- domain: livechathub.org
- url: https://api.github.com/repos/stamparm/maltrail/commits/4df89b99efb34e1f6f58e84340e0f41c59442f61
- domain: liverespond.online
- domain: apicheck.chatliveplus.com
- domain: blog.chatliveplus.com
- domain: chat.eventchatsupport.com
- domain: calendar.livechatlite.com
- domain: mail.chatliveplus.com
- domain: online.eventchatsupport.com
- domain: portal.livechatlite.com
- domain: status.livechatlite.com
- domain: system.eventchatsupport.com
- domain: webdisk.chatliveplus.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/4c405151fc705dbf7e7854e5a799d635c80c97a7
- url: https://x.com/sdcyberresearch/status/2026266049755164860
- domain: chatliveplus.com
- domain: eventchatsupport.com
- domain: livechatlite.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/a26b69e1fc21b37577409db62e93347d90798bfc
- url: https://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking
- domain: 10xprofit.io
- domain: app.10xprofit.io
- url: https://api.github.com/repos/stamparm/maltrail/commits/66ea3343d6a60f23712520c7d0e9d5d6f72133a1
- url: https://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign
- domain: pinmaha.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/99b248df35bcf6619a11b06548379b4a2a8e6e4a
- url: https://www.virustotal.com/gui/file/8099e85c4aa05f50ff299a130dc26a67b45aed519668e8b1ee1692e0034196c2/detection
- ip: 141.195.117.128
- domain: apuliae.com
- domain: jbactors.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/d1bdbe806e95a93b7d45361744f2184a3731722b
- url: https://x.com/D3LabIT/status/2026278544272232666
- domain: mandatechgroup.com
- domain: eventul.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/756bbf828079b7e8f5b4ba6ef70a5d8df3d92b8a
- url: https://x.com/fbgwls245/status/2026299482477088838
- domain: npmh5ahrgakbniuntyc7io4adm6ietbdbuejrfonowqtyqn24or556qd.onion
- url: https://api.github.com/repos/stamparm/maltrail/commits/1c88d89774aef47e80277d812ab21d7e807c97be
- url: https://x.com/JAMESWT_WT/status/2026300744635129887
- url: https://www.virustotal.com/gui/file/6f8e3ec4e11770eb4202b1ccae2423040c0703f7e7bbfd8330de0a7712f23498/detection
- url: https://www.virustotal.com/gui/file/79d7358fd1cdaecc1adf0c054c2394abef95df87ef5191f70778da24310c790e/detection
- ip: 198.23.175.46
- ip: 38.240.32.108
- domain: jerrymac2008.duckdns.org
- url: https://api.github.com/repos/stamparm/maltrail/commits/b65b06b38cbe5319c83952879cabb4e3cc8bf9d7
- ip: 212.11.64.250
- url: https://api.github.com/repos/stamparm/maltrail/commits/b9bae35324e39b3d63a6ade98778f91a933f9be0
- url: https://x.com/blackorbird/status/2025588291073171714
- url: https://cyberandramen.net/2026/02/21/llms-in-the-kill-chain-inside-a-custom-mcp-targeting-fortigate-devices-across-continents
- url: https://aws.amazon.com/ru/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale
- ip: 103.164.81.110
- ip: 106.52.47.65
- ip: 115.120.233.95
- ip: 118.25.186.119
- ip: 142.171.160.137
- ip: 144.31.224.253
- ip: 146.190.195.154
- ip: 146.190.82.132
- ip: 154.219.114.92
- ip: 156.238.244.173
- ip: 185.196.11.225
- ip: 43.167.237.212
- ip: 47.101.186.156
- ip: 47.95.33.207
- ip: 60.204.227.64
- ip: 62.234.61.215
- domain: drb420.ru
- domain: cyberstrike.drb420.ru
- url: https://api.github.com/repos/stamparm/maltrail/commits/582133a4fc977b91d356ed4d121c6ec0be15ef6f
- url: https://x.com/fbgwls245/status/2025926038845526373
- domain: o3ydbkayttkyg4iw2nc732jxmmex25bjeyqyvuuyngnxmpehdefjr3qd.onion
- url: https://api.github.com/repos/stamparm/maltrail/commits/289ab7eb1c673037bccbe2943cf46f71dc420d61
- url: https://www.virustotal.com/gui/ip-address/20.2.2.169/community
- url: https://www.virustotal.com/gui/ip-address/103.164.203.173/relations
- ip: 20.2.2.169
- ip: 103.164.203.173
- url: https://api.github.com/repos/stamparm/maltrail/commits/677b82dc8b6e4a9a2fa9ecdca81ad5d43c8c9469
- url: https://www.virustotal.com/gui/ip-address/43.164.1.146/community
- ip: 43.164.1.146
- url: https://api.github.com/repos/stamparm/maltrail/commits/efabab581c22a454590bd4e67d5f44807ef786f7
- url: https://www.security.com/blog-post/lazarus-medusa-ransomware
- domain: amazonfiso.com
- domain: human-check.com
- domain: illycafe.my
- domain: illycoffee.my
- domain: markethubuk.com
- domain: sictradingc.com
- domain: trustpdfs.com
- domain: zypras.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/60c20e2c7b759acd5decf91a956b9b68753bf90c
- url: https://x.com/Fact_Finder03/status/2026298291328368975
- ip: 41.216.189.53
Technical Details
- UUID: b0a9ddc2-de1c-49cb-a8b5-2cd8803e7c35
- Original Timestamp: 1771948808
Indicators of Compromise
URL
| Value | Description |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/e53c50beda89b027b090eed0a98c9445a08327ce | airbot |
| https://api.github.com/repos/stamparm/maltrail/commits/d4716f94d5df29aefb74947468dbd0c4bd0996fc | android_joker |
| https://api.github.com/repos/stamparm/maltrail/commits/1060b34b043498957ee8024d00fb38fa8d4a119f | apt_unc2465 |
| https://api.github.com/repos/stamparm/maltrail/commits/8f99fa593c921ab847d4a87ed524e4cb4546d486 | apt_unc2465 |
| https://api.github.com/repos/stamparm/maltrail/commits/5678302f8a5a9f8db722fd68c4378ea5b5fe497f | ek_clearfake |
| https://api.github.com/repos/stamparm/maltrail/commits/daf13720da4344b799ac1bce73959a260ce00a8a | — |
| https://api.github.com/repos/stamparm/maltrail/commits/ade51ff5ba6b3ab47046f82970e5cef3a0b4bda4 | dcrat |
| https://www.virustotal.com/gui/file/5b2977786f032de4a260fe264d36e4a959927e07d558eff259679afc71e87350/detection | dcrat |
| https://api.github.com/repos/stamparm/maltrail/commits/c035cfbce3585cd0fdbbca5aa53e8f1a752de647 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/b282cf463fb1fb9eca272d304565e5df86876a12 | 0ktapus |
| https://api.github.com/repos/stamparm/maltrail/commits/d64a7b76f2a61b088b8e0a986367f1c19c1f2652 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/3d5b8ecc53c8caa045e2d00448c6cdd4b9c8cbcc | powershell_injector |
| https://www.virustotal.com/gui/file/11d7d19fd9ad0d93b2f78d9d2fe802bd457cd6857a890e874a0a326a617567ac/detection | powershell_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/24035499341e1bb46723e140fac0780173f5585c | supershell_c2 |
| https://api.github.com/repos/stamparm/maltrail/commits/beec27fc466826454389b9f1f468a1eec0a698aa | mintsloader |
| https://api.github.com/repos/stamparm/maltrail/commits/c1f22ce7a75a4f216756da51df1cd3c39814adf5 | osx_atomic |
| https://api.github.com/repos/stamparm/maltrail/commits/efa04e1f95850cc5a6db30e4ff44ccc642432038 | lummac2 |
| https://www.virustotal.com/gui/ip-address/151.245.121.51/relations | lummac2 |
| https://api.github.com/repos/stamparm/maltrail/commits/0c50ef33b161dfbf964a1887b3828b58437af244 | quasarrat |
| https://x.com/smica83/status/2026055656638124417 | quasarrat |
| https://tria.ge/260223-1y111sds7a/behavioral1 | quasarrat |
| https://api.github.com/repos/stamparm/maltrail/commits/5098133f78daf5c6a3c80eee4c98bcb0fd646e05 | generic |
| https://x.com/smica83/status/2026056412049072213 | generic |
| https://api.github.com/repos/stamparm/maltrail/commits/5ec67cc9678a13c2f5cc6479bd191ef1d5e7182d | generic |
| https://x.com/smica83/status/2025979039614177769 | generic |
| https://x.com/smica83/status/2026038524906975421 | generic |
| https://api.github.com/repos/stamparm/maltrail/commits/eed2bf66bac09535f533a7f7c4fd5e11fd55a0f2 | apt_kimsuky |
| https://api.github.com/repos/stamparm/maltrail/commits/f0c057f37fef906bfeaf8c85eebc02bcc5133d2a | vidar |
| https://www.virustotal.com/gui/file/b804437ff855bd3fd448d2bf76f47ada7dcee6288d8f0a53d41fd3b1361c4c0d/detection | vidar |
| https://api.github.com/repos/stamparm/maltrail/commits/dbf4930c405e099e546da792cde0bf9210bff734 | powershell_injector |
| https://www.virustotal.com/gui/file/0e4780dd90a355c293a08c5607887b95ba4d7d5bffea1a8df92450dfc08934ea/detection | powershell_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/5ea1173644e6bd59ebd6d5c49fcc62fef5af1b95 | fakeapp |
| https://x.com/tuckner/status/2026069982493229434 | fakeapp |
| https://annex.security/blog/promise-bomb | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/24f04eb96c56c6f97f1ed248dd1f8f82fc85040c | powershell_injector |
| https://x.com/malwrhunterteam/status/2026251417372049675 | powershell_injector |
| https://www.virustotal.com/gui/file/73ae9fe72b3340b95e7187cd51de3b7476cfb84aa20b9903cfaff4f1c96a3e01/detection | powershell_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/2d39fd81500e67b0a26081813c5bb8f46cffe31e | magentocore |
| https://www.virustotal.com/gui/ip-address/38.180.80.50/relations | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/b3fa70ad54a979c37f8c2de4bf0b6934d0000a24 | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/4df89b99efb34e1f6f58e84340e0f41c59442f61 | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/4c405151fc705dbf7e7854e5a799d635c80c97a7 | magentocore |
| https://x.com/sdcyberresearch/status/2026266049755164860 | magentocore |
| https://api.github.com/repos/stamparm/maltrail/commits/a26b69e1fc21b37577409db62e93347d90798bfc | fakeapp |
| https://socket.dev/blog/malicious-chrome-extension-performs-hidden-affiliate-hijacking | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/66ea3343d6a60f23712520c7d0e9d5d6f72133a1 | powershell_injector |
| https://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign | powershell_injector |
| https://api.github.com/repos/stamparm/maltrail/commits/99b248df35bcf6619a11b06548379b4a2a8e6e4a | netsupport |
| https://www.virustotal.com/gui/file/8099e85c4aa05f50ff299a130dc26a67b45aed519668e8b1ee1692e0034196c2/detection | netsupport |
| https://api.github.com/repos/stamparm/maltrail/commits/d1bdbe806e95a93b7d45361744f2184a3731722b | fakeapp |
| https://x.com/D3LabIT/status/2026278544272232666 | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/756bbf828079b7e8f5b4ba6ef70a5d8df3d92b8a | atomsilo |
| https://x.com/fbgwls245/status/2026299482477088838 | atomsilo |
| https://api.github.com/repos/stamparm/maltrail/commits/1c88d89774aef47e80277d812ab21d7e807c97be | remcos |
| https://x.com/JAMESWT_WT/status/2026300744635129887 | remcos |
| https://www.virustotal.com/gui/file/6f8e3ec4e11770eb4202b1ccae2423040c0703f7e7bbfd8330de0a7712f23498/detection | remcos |
| https://www.virustotal.com/gui/file/79d7358fd1cdaecc1adf0c054c2394abef95df87ef5191f70778da24310c790e/detection | remcos |
| https://api.github.com/repos/stamparm/maltrail/commits/b65b06b38cbe5319c83952879cabb4e3cc8bf9d7 | cyberstrikeai |
| https://api.github.com/repos/stamparm/maltrail/commits/b9bae35324e39b3d63a6ade98778f91a933f9be0 | cyberstrikeai |
| https://x.com/blackorbird/status/2025588291073171714 | cyberstrikeai |
| https://cyberandramen.net/2026/02/21/llms-in-the-kill-chain-inside-a-custom-mcp-targeting-fortigate-devices-across-continents | cyberstrikeai |
| https://aws.amazon.com/ru/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale | cyberstrikeai |
| https://api.github.com/repos/stamparm/maltrail/commits/582133a4fc977b91d356ed4d121c6ec0be15ef6f | cipherforce |
| https://x.com/fbgwls245/status/2025926038845526373 | cipherforce |
| https://api.github.com/repos/stamparm/maltrail/commits/289ab7eb1c673037bccbe2943cf46f71dc420d61 | vshell |
| https://www.virustotal.com/gui/ip-address/20.2.2.169/community | vshell |
| https://www.virustotal.com/gui/ip-address/103.164.203.173/relations | vshell |
| https://api.github.com/repos/stamparm/maltrail/commits/677b82dc8b6e4a9a2fa9ecdca81ad5d43c8c9469 | vshell |
| https://www.virustotal.com/gui/ip-address/43.164.1.146/community | vshell |
| https://api.github.com/repos/stamparm/maltrail/commits/efabab581c22a454590bd4e67d5f44807ef786f7 | apt_lazarus |
| https://www.security.com/blog-post/lazarus-medusa-ransomware | apt_lazarus |
| https://api.github.com/repos/stamparm/maltrail/commits/60c20e2c7b759acd5decf91a956b9b68753bf90c | toponev |
| https://x.com/Fact_Finder03/status/2026298291328368975 | toponev |
IP
| Value | Description |
|---|---|
| 151.241.154.119 | airbot |
| 65.21.104.235 | powershell_injector |
| 143.92.60.24 | supershell_c2 |
| 192.159.99.176 | quasarrat |
| 141.195.117.128 | netsupport |
| 198.23.175.46 | remcos |
| 38.240.32.108 | remcos |
| 212.11.64.250 | cyberstrikeai |
| 103.164.81.110 | cyberstrikeai |
| 106.52.47.65 | cyberstrikeai |
| 115.120.233.95 | cyberstrikeai |
| 118.25.186.119 | cyberstrikeai |
| 142.171.160.137 | cyberstrikeai |
| 144.31.224.253 | cyberstrikeai |
| 146.190.195.154 | cyberstrikeai |
| 146.190.82.132 | cyberstrikeai |
| 154.219.114.92 | cyberstrikeai |
| 156.238.244.173 | cyberstrikeai |
| 185.196.11.225 | cyberstrikeai |
| 43.167.237.212 | cyberstrikeai |
| 47.101.186.156 | cyberstrikeai |
| 47.95.33.207 | cyberstrikeai |
| 60.204.227.64 | cyberstrikeai |
| 62.234.61.215 | cyberstrikeai |
| 20.2.2.169 | vshell |
| 103.164.203.173 | vshell |
| 43.164.1.146 | vshell |
| 41.216.189.53 | toponev |
Domain
| Value | Description |
|---|---|
| tered.pw | android_joker |
| rvtoolc.info | apt_unc2465 |
| rvtooli.info | apt_unc2465 |
| account.booklngg.com | ek_clearfake |
| booklngg.com | ek_clearfake |
| nightlywallet.app | ek_clearfake |
| 59xgjeq2.hexalink.digital | ek_clearfake |
| best.deals.my.id | ek_clearfake |
| brandnew.deals.my.id | ek_clearfake |
| buycheap.deals.my.id | ek_clearfake |
| cheapest.deals.my.id | ek_clearfake |
| deals.my.id | ek_clearfake |
| hexalink.digital | ek_clearfake |
| filecloudgrid.com | — |
| filecloudzip.com | — |
| filedrivenow.com | — |
| filesharegrid.com | — |
| media.megafilehost.cfd | — |
| megafilehost.baby | — |
| megafilehost.xyz | — |
| dc.aartzz.pp.ua | dcrat |
| demo.ntl-rto.com | fakeapp |
| smscup.ir | fakeapp |
| shift4internal.com | 0ktapus |
| chromium-report-tech-331as-2s1-tcd-h143.chartexaapp-razv.com | fakeapp |
| forestoaker.com | powershell_injector |
| pub-22a8dd26de0749d5b900b711deea554b.r2.dev | powershell_injector |
| cdhhcehkchddeec.top | mintsloader |
| mhlgcebldddbidl.top | mintsloader |
| spacesolutionmac.it.com | osx_atomic |
| storg.pages.dev | osx_atomic |
| canvasn.top | lummac2 |
| convexm.top | lummac2 |
| credil.club | lummac2 |
| cygnusn.cyou | lummac2 |
| darkbq.club | lummac2 |
| genetiz.shop | lummac2 |
| iivouw.club | lummac2 |
| integri.top | lummac2 |
| kaboim.club | lummac2 |
| mensare.top | lummac2 |
| pageld.club | lummac2 |
| parabg.club | lummac2 |
| screwd.club | lummac2 |
| testdf.club | lummac2 |
| thinlpr.buzz | lummac2 |
| touchfh.shop | lummac2 |
| wipez.top | lummac2 |
| heads-resistance-august-sweet.trycloudflare.com | generic |
| advise-visual-playstation-closer.trycloudflare.com | generic |
| registry-memory-defines-obtaining.trycloudflare.com | generic |
| chk.nsetverification.mydns.bz | apt_kimsuky |
| cvcmains.dns.army | apt_kimsuky |
| ips-edocdeliver.mydns.bz | apt_kimsuky |
| navlogin.sev.cvcmains.dns.army | apt_kimsuky |
| nid-naverhpk.onthewifi.com | apt_kimsuky |
| nid-naverjzc.servehalflife.com | apt_kimsuky |
| nid-navermly.servegame.com | apt_kimsuky |
| nid-naverohn.3utilities.com | apt_kimsuky |
| nid-naverxqh.servecounterstrike.com | apt_kimsuky |
| nkdocument-hometax.mydns.bz | apt_kimsuky |
| nsetverification.mydns.bz | apt_kimsuky |
| nuser-login.ips-edocdeliver.mydns.bz | apt_kimsuky |
| sev.cvcmains.dns.army | apt_kimsuky |
| vvork-space.com | vidar |
| alphazero1-endscape.cc | powershell_injector |
| alphazero10-endscape.cc | powershell_injector |
| alphazero2-endscape.cc | powershell_injector |
| alphazero3-endscape.cc | powershell_injector |
| alphazero4-endscape.cc | powershell_injector |
| alphazero5-endscape.cc | powershell_injector |
| alphazero6-endscape.cc | powershell_injector |
| alphazero7-endscape.cc | powershell_injector |
| alphazero8-endscape.cc | powershell_injector |
| alphazero9-endscape.cc | powershell_injector |
| page-guard.com | fakeapp |
| pixel-defence.com | fakeapp |
| streamcdn.click | powershell_injector |
| javascripttestlibrary.com | magentocore |
| chatliveapp.com | magentocore |
| livechathub.org | magentocore |
| liverespond.online | magentocore |
| apicheck.chatliveplus.com | magentocore |
| blog.chatliveplus.com | magentocore |
| chat.eventchatsupport.com | magentocore |
| calendar.livechatlite.com | magentocore |
| mail.chatliveplus.com | magentocore |
| online.eventchatsupport.com | magentocore |
| portal.livechatlite.com | magentocore |
| status.livechatlite.com | magentocore |
| system.eventchatsupport.com | magentocore |
| webdisk.chatliveplus.com | magentocore |
| chatliveplus.com | magentocore |
| eventchatsupport.com | magentocore |
| livechatlite.com | magentocore |
| 10xprofit.io | fakeapp |
| app.10xprofit.io | fakeapp |
| pinmaha.com | powershell_injector |
| apuliae.com | netsupport |
| jbactors.com | netsupport |
| mandatechgroup.com | fakeapp |
| eventul.com | fakeapp |
| npmh5ahrgakbniuntyc7io4adm6ietbdbuejrfonowqtyqn24or556qd.onion | atomsilo |
| jerrymac2008.duckdns.org | remcos |
| drb420.ru | cyberstrikeai |
| cyberstrike.drb420.ru | cyberstrikeai |
| o3ydbkayttkyg4iw2nc732jxmmex25bjeyqyvuuyngnxmpehdefjr3qd.onion | cipherforce |
| amazonfiso.com | apt_lazarus |
| human-check.com | apt_lazarus |
| illycafe.my | apt_lazarus |
| illycoffee.my | apt_lazarus |
| markethubuk.com | apt_lazarus |
| sictradingc.com | apt_lazarus |
| trustpdfs.com | apt_lazarus |
| zypras.com | apt_lazarus |
Threat ID: 699dd95dbe58cf853b0239a9
Added to database: 2/24/2026, 5:01:17 PM
Last enriched: 3/13/2026, 7:59:36 PM
Last updated: 4/10/2026, 4:17:37 PM