Maltrail IOC for 2026-02-26
This entry describes a medium-severity malware-related Indicator of Compromise (IOC) published on 2026-02-26 by the CIRCL OSINT Feed. It is categorized as an OSINT observation related to network activity but lacks specific technical details, affected versions, or indicators. No patches or known exploits are associated with this IOC, and it appears to be a general intelligence report rather than a direct vulnerability or active exploit. The threat is assessed as medium severity due to its malware classification and potential network impact, despite limited actionable information. Organizations should monitor relevant threat intelligence feeds and maintain standard malware detection and network monitoring practices. The lack of detailed indicators limits targeted mitigation, so emphasis should be on general defensive hygiene. Countries with significant internet infrastructure and reliance on network security intelligence are more likely to benefit from awareness of this IOC. Overall, this represents a moderate risk intelligence update rather than an immediate critical threat.
AI Analysis
Technical Summary
The provided information pertains to a malware-related Indicator of Compromise (IOC) published by the CIRCL OSINT Feed on February 26, 2026. The IOC is tagged with medium severity and classified under malware and network activity categories. However, the report lacks detailed technical specifics such as affected software versions, exploit mechanisms, or concrete indicators like IP addresses, domains, or file hashes. No patches or known exploits in the wild are reported, indicating this is an intelligence observation rather than a confirmed active threat. The IOC is part of an open-source intelligence (OSINT) feed, collected manually and intended for perpetual use in threat detection and analysis. The absence of CWE identifiers and exploit details suggests this IOC serves as a general alert to potential malware-related network activity rather than a direct vulnerability or exploit. The medium severity rating likely reflects the potential for malware-related network compromise if exploited but tempered by the lack of actionable data and known active exploitation. This type of IOC is useful for organizations to update their detection signatures and network monitoring tools, enhancing situational awareness and early warning capabilities. Given the limited technical details, the IOC should be integrated into broader threat intelligence frameworks and correlated with other data sources for effective use.
Potential Impact
The potential impact of this IOC is moderate, primarily serving as an early warning indicator of possible malware-related network activity. Without specific exploit details or known active attacks, the immediate risk to confidentiality, integrity, or availability is limited. However, failure to incorporate such intelligence into detection systems could delay identification of emerging threats, potentially allowing malware infections to propagate undetected. Organizations relying on network security monitoring and threat intelligence feeds may improve their defensive posture by integrating this IOC, thereby reducing the risk of malware-related incidents. The lack of patches or exploit information means no direct remediation is possible, so the impact is mainly on detection and response capabilities. If related malware were to be exploited in the future, organizations unaware of this IOC might face increased risk of compromise, data loss, or service disruption. Overall, the impact is mitigated by the IOC's role as a supplementary intelligence input rather than a standalone threat vector.
Mitigation Recommendations
Given the nature of this IOC as an intelligence observation without specific indicators or patches, mitigation should focus on enhancing detection and response capabilities. Organizations should:
1) Integrate the CIRCL OSINT Feed and similar threat intelligence sources into their Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to improve early detection of malware-related network activity.
2) Maintain up-to-date malware signatures and behavioral detection rules in endpoint protection platforms to identify potential infections.
3) Conduct regular network traffic analysis to identify anomalous patterns that may correlate with emerging malware threats.
4) Employ threat hunting exercises using contextual information from OSINT feeds to proactively search for signs of compromise.
5) Ensure robust incident response plans are in place to quickly contain and remediate malware infections if detected.
6) Educate security teams on interpreting and leveraging OSINT IOCs for enhanced situational awareness.
These steps go beyond generic advice by emphasizing integration of this specific intelligence feed and proactive network monitoring tailored to malware detection.
Affected Countries
United States, Germany, France, United Kingdom, Netherlands, Japan, South Korea, Australia, Canada, Singapore
Technical Details
- UUID: 9291457f-54be-4e1d-b239-3562e18112d7
- Original Timestamp: 1772096468
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://api.github.com/repos/stamparm/maltrail/commits/0c6667175dd9fba7698bbf1bdf849297b605a2e3 | remcos |
| https://x.com/BlinkzSec/status/2026899651345993936 | remcos |
| https://www.virustotal.com/gui/file/4f0c95a1885411100649bf8150c2f189dc0941ac569b801b3765d1ca64b760dc/detection | remcos |
| https://api.github.com/repos/stamparm/maltrail/commits/437c2fe3871e35869bc9c67994edd7ce83f20427 | — |
| https://api.github.com/repos/stamparm/maltrail/commits/210c5c1185382eb070ddcbbee197d498b2870bce | ek_clearfake |
| https://api.github.com/repos/stamparm/maltrail/commits/89ff2ed1d3a60e8ab5104cc8b6f398be6d6045ae | ek_clearfake |
| https://api.github.com/repos/stamparm/maltrail/commits/6868b1d44903dc8d9bfda77b389aa5619994e003 | ek_clearfake |
| https://api.github.com/repos/stamparm/maltrail/commits/e94a4d5b5a096f8f6c51332d0450e57a7a28061a | hak5cloud_c2 |
| https://api.github.com/repos/stamparm/maltrail/commits/f826f1544f6464598ee6ccfd36bd3025314facdb | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/6557113119e8effc165ced84096ccfe2b7d5fdfb | sectoprat |
| https://api.github.com/repos/stamparm/maltrail/commits/f47dd573967b36d8fc914b94f23c655fb4517647 | fakeapp |
| https://x.com/JAMESWT_WT/status/2026920368217190557 | fakeapp |
| https://www.virustotal.com/gui/file/644ef9f5eea1d6a2bc39a62627ee3c7114a14e7050bafab8a76b9aa8069425fa/detection | fakeapp |
| https://api.github.com/repos/stamparm/maltrail/commits/00ed99153c0cf51d9720eb83a27d1fe58a93fc87 | osx_atomic |
| https://api.github.com/repos/stamparm/maltrail/commits/28c4054d3b0cfe0a420268880c3ed4a6f4ad5857 | mintsloader |
| https://api.github.com/repos/stamparm/maltrail/commits/b3328bfb4454f4a8dae12a59c8303b9a76c89007 | lummac2 |
Ip
| Value | Description |
|---|---|
| 186.169.75.221 | remcos |
| 206.206.127.178 | sectoprat |
domainfast-port-logic.quickharbor.in.net | ek_clearfake | |
domainfast-track-sensor.rapidtrail.in.net | ek_clearfake | |
domainfastleaf.in.net | ek_clearfake | |
domainfernshade.wildfern.in.net | ek_clearfake | |
domainfield-logic-base.clearfield.in.net | ek_clearfake | |
domainfinalgate.afterlifetap.in.net | ek_clearfake | |
domainfinalstep.approvkrup.in.net | ek_clearfake | |
domainflightcontrolcenter.aircraftmodel.in.net | ek_clearfake | |
domainforest-deep-sync-node.wildfern.ru | ek_clearfake | |
domainforest-logic-center.vividgrove.in.net | ek_clearfake | |
domainforestfrond.wildfern.in.net | ek_clearfake | |
domainfoxspark.brightforfox.in.net | ek_clearfake | |
domainfresh-bio-center.freshhill.ru | ek_clearfake | |
domainfresh-cliff-high.freshcliff.ru | ek_clearfake | |
domainfreshcliff.ru | ek_clearfake | |
domainfreshhill.ru | ek_clearfake | |
domainfreshuprise.takeoverspring.in.net | ek_clearfake | |
domainfrostprotectionsys.makeoverwinter.in.net | ek_clearfake | |
domainfroststream.coldinriver.in.net | ek_clearfake | |
domaingeo-fresh-node.freshcliff.ru | ek_clearfake | |
domaingeo-rock-sync-base.swiftcanyon.ru | ek_clearfake | |
domaingeological-survey-point.vividrock.ru | ek_clearfake | |
domainglobalstimul.in.net | ek_clearfake | |
domainglobalsynchandler.intricessaucy.in.net | ek_clearfake | |
domainglow-ridge-light.glowridge.ru | ek_clearfake | |
domainglowridge.ru | ek_clearfake | |
domaingraincontrol.brannysuppress.ru | ek_clearfake | |
domaingrass-land-node.silentmeadow.in.net | ek_clearfake | |
domaingreen-grove-sync.vividgrove.in.net | ek_clearfake | |
domaingreenwild.wildfern.in.net | ek_clearfake | |
domainground-trail-monitor.rapidtrail.in.net | ek_clearfake | |
domainh0kuelyp.modernsignal.digital | ek_clearfake | |
domainhard-rock-base.vividrock.ru | ek_clearfake | |
domainhardlife.shratsurvivor.in.net | ek_clearfake | |
domainhardrock.solidyears.in.net | ek_clearfake | |
domainheat-sync-node.rapiddune.ru | ek_clearfake | |
domainheropath.shratsurvivor.in.net | ek_clearfake | |
domainhigh-altitude-sensor.clearcrest.ru | ek_clearfake | |
domainhigh-rise-monitor.urbanridge.ru | ek_clearfake | |
domainhigh-wall-monitor.brightcliff.in.net | ek_clearfake | |
domainhill-side-view-point.freshhill.ru | ek_clearfake | |
domainhistoryflowsystem.swallowtime.in.net | ek_clearfake | |
domainhourillusion.in.net | ek_clearfake | |
domainhumanunit.chelnperson.in.net | ek_clearfake | |
domainhydrological-collector.rapidbrook.ru | ek_clearfake | |
domainicetorrent.coldinriver.in.net | ek_clearfake | |
domainimpactanalysisview.globalstimul.in.net | ek_clearfake | |
domainimplementnega.in.net | ek_clearfake | |
domaininfrastructure-service.urbanlake.ru | ek_clearfake | |
domaininnaterecipe.inherentrecip.ru | ek_clearfake | |
domaininternalnodepoint.lubginany.in.net | ek_clearfake | |
domainintervalchecknode.swallowtime.in.net | ek_clearfake | |
domainintricessaucy.in.net | ek_clearfake | |
domainit-pine-management.smartpine.ru | ek_clearfake | |
domainiwkzzjit.rapidmatrix.digital | ek_clearfake | |
domainjoieshk7.hexalink.digital | ek_clearfake | |
domainjs0qnoh0.alphasync.digital | ek_clearfake | |
domainjy8vxjxs.lumenbit.digital | ek_clearfake | |
domainkoreansmall.ru | ek_clearfake | |
domainlaststand.shratsurvivor.in.net | ek_clearfake | |
domainleadgroup.chelnperson.in.net | ek_clearfake | |
domainlg1kpu12.microzen.digital | ek_clearfake | |
domainlight-grove-hub.brightgrove.ru | ek_clearfake | |
domainlight-valley-hub.brightvale.ru | ek_clearfake | |
domainlittlemarket.koreansmall.ru | ek_clearfake | |
domainlongroad.solidyears.in.net | ek_clearfake | |
domainlubginany.in.net | ek_clearfake | |
domainlumenbit.digital | ek_clearfake | |
domainlunarbridge.digital | ek_clearfake | |
domainmain-cool-harbor-sys.coolharbor.ru | ek_clearfake | |
domainmain-crest-auth.clearcrest.ru | ek_clearfake | |
domainmain-monitoring-station.vividrock.ru | ek_clearfake | |
domainmain-quick-dock.quickharbor.in.net | ek_clearfake | |
domainmaintool.baskadubutil.in.net | ek_clearfake | |
domainmakeoverwinter.in.net | ek_clearfake | |
domainmaltguard.brannysuppress.ru | ek_clearfake | |
domainmathlogic.arithmethair.in.net | ek_clearfake | |
domainmicblast.blowofmike.in.net | ek_clearfake | |
domainmicrozen.digital | ek_clearfake | |
domainminihouse.koreansmall.ru | ek_clearfake | |
domainmodernsignal.digital | ek_clearfake | |
domainmonitoringservice.snoozetrap.in.net | ek_clearfake | |
domainmountain-glow-base.glowridge.ru | ek_clearfake | |
domainnature-grove-data.vividgrove.in.net | ek_clearfake | |
domainnature-logic-base.wildfern.ru | ek_clearfake | |
domainnature-silent-sync.silentmeadow.in.net | ek_clearfake | |
domainnavigationsysunit.aircraftmodel.in.net | ek_clearfake | |
domainnetworkdatamanager.lubginany.in.net | ek_clearfake | |
domainnighttimber.darkbypine.in.net | ek_clearfake | |
domainnovacode.digital | ek_clearfake | |
domainocean-harbor-gate.coolharbor.ru | ek_clearfake | |
domainoceanpoint.detachfrigate.in.net | ek_clearfake | |
domainoldcore.solidyears.in.net | ek_clearfake | |
domainopen-field-data.silverfield.ru | ek_clearfake | |
domainopen-zone-monitor.clearfield.in.net | ek_clearfake | |
domainopenmatrix.digital | ek_clearfake | |
domainorbit-dash-control.orbitdash.in.net | ek_clearfake | |
domainorbit-logic-base.orbitdash.in.net | ek_clearfake | |
domainorbitdash.in.net | ek_clearfake | |
domainovfs585i.urbanforge.digital | ek_clearfake | |
domainpath-logic-unit.silverpath.in.net | ek_clearfake | |
domainpeak-vertex-auth.thenorthernvertex.com | ek_clearfake | |
domainpinegloom.darkbypine.in.net | ek_clearfake | |
domainpq2uim2y.velocore.digital | ek_clearfake | |
domainprimefusion.digital | ek_clearfake | |
domainpriorityflowcontrol.bloodsubsequen.in.net | ek_clearfake | |
domainprocessvalidation.implementnega.in.net | ek_clearfake | |
domainpublic-gateway-alpha.urbanlake.ru | ek_clearfake | |
domainquick-harbor-unit.quickharbor.in.net | ek_clearfake | |
domainquickharbor.in.net | ek_clearfake | |
domainquickpetal.fastleaf.in.net | ek_clearfake | |
domainquiet-air-monitor.quietwind.ru | ek_clearfake | |
domainquiet-field-monitor.silentmeadow.in.net | ek_clearfake | |
domainquietwind.in.net | ek_clearfake | |
domainquietwind.ru | ek_clearfake | |
domainr615p0ru.lumenbit.digital | ek_clearfake | |
domainrapid-dune-sand.rapiddune.ru | ek_clearfake | |
domainrapid-stream-data.rapidbrook.ru | ek_clearfake | |
domainrapid-trail-path.rapidtrail.in.net | ek_clearfake | |
domainrapidbrook.ru | ek_clearfake | |
domainrapiddune.ru | ek_clearfake | |
domainrapidfern.fastleaf.in.net | ek_clearfake | |
domainrapidmatrix.digital | ek_clearfake | |
domainrapidtrail.in.net | ek_clearfake | |
domainredstone.rockinred.in.net | ek_clearfake | |
domainregion-sync-base.brightvale.ru | ek_clearfake | |
domainremotedatachannel.intricessaucy.in.net | ek_clearfake | |
domainridge-data-point.glowridge.ru | ek_clearfake | |
domainrngj2amn.openmatrix.digital | ek_clearfake | |
domainrockember.rockinred.in.net | ek_clearfake | |
domainrockfeather.sparrowinrock.in.net | ek_clearfake | |
domainrockgrove.wildandstone.in.net | ek_clearfake | |
domainrockinred.in.net | ek_clearfake | |
domainroute-logic-sync.rapidtrail.in.net | ek_clearfake | |
domains2s942l0.modernsignal.digital | ek_clearfake | |
domainsatellite-data-node.orbitdash.in.net | ek_clearfake | |
domainseasonaltrendlog.makeoverwinter.in.net | ek_clearfake | |
domainsecure-logic-gateway.thenorthernvertex.com | ek_clearfake | |
domainsecureaccesspoint.lubginany.in.net | ek_clearfake | |
domainservicedesk.baskadubutil.in.net | ek_clearfake | |
domainshadowcone.darkbypine.in.net | ek_clearfake | |
domainshiftview.hourillusion.in.net | ek_clearfake | |
domainship-dock-control.coolharbor.ru | ek_clearfake | |
domainshipnode.detachfrigate.in.net | ek_clearfake | |
domainshratsurvivor.in.net | ek_clearfake | |
domainshsq4l7w.urbanforge.digital | ek_clearfake | |
domainsilent-flow-node.quietwind.ru | ek_clearfake | |
domainsilent-meadow-base.silentmeadow.in.net | ek_clearfake | |
domainsilentdraft.quietwind.in.net | ek_clearfake | |
domainsilentmeadow.in.net | ek_clearfake | |
domainsilenttriggerbase.snoozetrap.in.net | ek_clearfake | |
domainsilver-field-base.silverfield.ru | ek_clearfake | |
domainsilver-path-way.silverpath.in.net | ek_clearfake | |
domainsilver-zone-sync.silverfield.ru | ek_clearfake | |
domainsilverfield.ru | ek_clearfake | |
domainsilvermypath.in.net | ek_clearfake | |
domainsilvernode.digital | ek_clearfake | |
domainsilverpath.in.net | ek_clearfake | |
domainsilvertrail.silvermypath.in.net | ek_clearfake | |
domainskycurrent.clearatwind.in.net | ek_clearfake | |
domainsmart-timber-track.smartpine.ru | ek_clearfake | |
domainsmartpine.ru | ek_clearfake | |
domainsnoozetrap.in.net | ek_clearfake | |
domainsoftgust.quietwind.in.net | ek_clearfake | |
domainsolar-energy-control.brightvale.ru | ek_clearfake | |
domainsolar-grove-control.brightgrove.ru | ek_clearfake | |
domainsolidyears.in.net | ek_clearfake | |
domainsoultrack.afterlifetap.in.net | ek_clearfake | |
domainsoundreview.auditsounder.ru | ek_clearfake | |
domainspace-track-system.orbitdash.in.net | ek_clearfake | |
domainsparrowinrock.in.net | ek_clearfake | |
domainspiritlink.afterlifetap.in.net | ek_clearfake | |
domainspringclaim.takeoverspring.in.net | ek_clearfake | |
domainstaffbase.chelnperson.in.net | ek_clearfake | |
domainsteady-flow-brook.steadybrook.in.net | ek_clearfake | |
domainsteadybrook.in.net | ek_clearfake | |
domainstone-solid-base.urbanstone.in.net | ek_clearfake | |
domainstonewild.wildandstone.in.net | ek_clearfake | |
domainstonewing.sparrowinrock.in.net | ek_clearfake | |
domainstorm-bay-watch.stormbay.ru | ek_clearfake | |
domainstormbay.ru | ek_clearfake | |
domainstrategicdatasink.globalstimul.in.net | ek_clearfake | |
domainstreet-level-sync.urbanstone.in.net | ek_clearfake | |
domainsummit-cliff-sync.freshcliff.ru | ek_clearfake | |
domainsummit-sync-unit.glowridge.ru | ek_clearfake | |
domainswallowtime.in.net | ek_clearfake | |
domainswift-canyon-pass.swiftcanyon.ru | ek_clearfake | |
domainswift-flow-node.swiftcanyon.ru | ek_clearfake | |
domainswiftbranch.fastleaf.in.net | ek_clearfake | |
domainswiftcanyon.ru | ek_clearfake | |
domainswog3mgt.openmatrix.digital | ek_clearfake | |
domaint0ijoagy.crystalbit.digital | ek_clearfake | |
domaintakeoverspring.in.net | ek_clearfake | |
domaintasknode.baskadubutil.in.net | ek_clearfake | |
domaintechnicalsupportbox.aircraftmodel.in.net | ek_clearfake | |
domaintemporallogicunit.swallowtime.in.net | ek_clearfake | |
domainthenorthernvertex.com | ek_clearfake | |
domaintimeloop.hourillusion.in.net | ek_clearfake | |
domaintransit-harbor-node.quickharbor.in.net | ek_clearfake | |
domainultranode.ultranet.in.net | ek_clearfake | |
domainuniversalreachpoint.globalstimul.in.net | ek_clearfake | |
domainurban-data-point.urbanridge.ru | ek_clearfake | |
domainurban-infrastructure-node.urbanstone.in.net | ek_clearfake | |
domainurban-ridge-city.urbanridge.ru | ek_clearfake | |
domainurbanforge.digital | ek_clearfake | |
domainurbanlake.ru | ek_clearfake | |
domainurbanridge.ru | ek_clearfake | |
domainurbanstone.in.net | ek_clearfake | |
domainutilsync.baskadubutil.in.net | ek_clearfake | |
domainvbb24wmu.lumenbit.digital | ek_clearfake | |
domainvelocore.digital | ek_clearfake | |
domainverifyecho.auditsounder.ru | ek_clearfake | |
domainvertical-data-flow.brightcliff.in.net | ek_clearfake | |
domainvesselhub.detachfrigate.in.net | ek_clearfake | |
domainvitalstatisticsunit.bloodsubsequen.in.net | ek_clearfake | |
domainvivid-grove-tree.vividgrove.in.net | ek_clearfake | |
domainvividgrove.in.net | ek_clearfake | |
domainvividrock.ru | ek_clearfake | |
domainvo230hqh.cybervox.digital | ek_clearfake | |
domainvxnrtubh.primefusion.digital | ek_clearfake | |
domainwatchpoint.hourillusion.in.net | ek_clearfake | |
domainwater-network-node.rapidbrook.ru | ek_clearfake | |
domainwater-stream-analysis.steadybrook.in.net | ek_clearfake | |
domainweather-station-data.quietwind.ru | ek_clearfake | |
domainweather-warning-system.stormbay.ru | ek_clearfake | |
domainwild-leaf-trace.wildfern.ru | ek_clearfake | |
domainwildandstone.in.net | ek_clearfake | |
domainwildfern.in.net | ek_clearfake | |
domainwildfern.ru | ek_clearfake | |
domainwildhunt.shratsurvivor.in.net | ek_clearfake | |
domainwind-cliff-monitor.freshcliff.ru | ek_clearfake | |
domainwindglade.clearatwind.in.net | ek_clearfake | |
domainwindvoice.blowofmike.in.net | ek_clearfake | |
domainwinterupdatestack.makeoverwinter.in.net | ek_clearfake | |
domainwood-processing-unit.smartpine.ru | ek_clearfake | |
domainworkforce.chelnperson.in.net | ek_clearfake | |
domainzx45t73y.silvernode.digital | ek_clearfake | |
domainadditional-final-check.com | ek_clearfake | |
domaind-apps-exchange.com | ek_clearfake | |
domainfinalise-additiona-update.com | ek_clearfake | |
domainfjdeljty.info | ek_clearfake | |
domaincac.mitel.cz | hak5cloud_c2 | |
domainluygbgtd.cfd | fakeapp | |
domainmdeshyyeo.click | fakeapp | |
domainuswebzoomus.com | fakeapp | |
domainbirdbeginner.cfd | osx_atomic | |
domainzukharilx.world | osx_atomic | |
domainaansyvz3.top | mintsloader | |
domaindlnnbafkfekljei.top | mintsloader | |
domainmcdmbaalgakinec.top | mintsloader | |
domainkasykmp.cyou | lummac2 | |
domainridobad.cyou | lummac2 |
Threat ID: 69a01513b7ef31ef0be66b83
Added to database: 2/26/2026, 9:40:35 AM
Last enriched: 3/13/2026, 7:58:18 PM
Last updated: 4/13/2026, 1:38:22 AM