Maltrail IOC for 2026-03-02
AI Analysis
Technical Summary
This threat intelligence report details a Maltrail Indicator of Compromise (IOC) dated March 2, 2026, sourced from the CIRCL OSINT Feed. Maltrail is a network traffic detection system designed to identify suspicious or malicious network activity by analyzing traffic patterns and known threat indicators. The IOC is classified as malware-related but does not specify affected software versions or detailed technical indicators such as IP addresses, domains, or file hashes. The report is tagged with medium risk and is an observation-type event, indicating it is likely a detection or alert rather than a confirmed active exploit. No patches or mitigations are listed, and no known exploits are reported in the wild, suggesting this is an intelligence update rather than an emergent vulnerability. The technical details include a UUID and a timestamp, but no actionable signatures or behavioral patterns are provided. The lack of CWE entries implies no direct software vulnerability is identified. The IOC's classification under OSINT and network activity suggests it is intended for use in network monitoring and threat detection systems to enhance situational awareness. The medium severity rating reflects a moderate threat level, likely due to the potential for malware-related network anomalies that could impact confidentiality or availability if exploited. However, the absence of detailed indicators limits immediate defensive actions beyond enhanced monitoring and correlation with other threat intelligence sources.
Potential Impact
The potential impact of this threat is moderate. Since it relates to malware detection via network traffic analysis, organizations could face risks such as data exfiltration, network disruption, or unauthorized access if the underlying malware is active within their environments. However, the lack of specific exploit details or known active attacks reduces the immediacy of the threat. Organizations relying heavily on network infrastructure and monitoring tools may experience increased alert volumes or false positives if this IOC is integrated without context. The absence of patches or exploits suggests that the threat is currently more observational, serving as an early warning rather than an active attack vector. If the malware indicated by this IOC were to be exploited, it could affect confidentiality and availability, particularly in sectors with critical network dependencies. Overall, the impact is contained but warrants attention to prevent escalation.
Mitigation Recommendations
1. Integrate the Maltrail IOC into existing network security monitoring and intrusion detection systems to enhance detection capabilities.
2. Conduct regular network traffic analysis focusing on anomalies and patterns consistent with malware activity.
3. Correlate this IOC with other threat intelligence feeds to identify potential related indicators or emerging threats.
4. Maintain up-to-date network device firmware and security configurations to reduce attack surfaces.
5. Implement network segmentation to limit lateral movement in case of malware presence.
6. Educate security teams on interpreting OSINT-based IOCs to avoid alert fatigue and improve response accuracy.
7. Establish incident response procedures that include validation of OSINT alerts and escalation protocols.
8. Continuously monitor CIRCL and other reputable OSINT sources for updates or additional indicators related to this IOC.
These steps go beyond generic advice by emphasizing integration, correlation, and operational readiness specific to OSINT-derived network threat intelligence.
Affected Countries
United States, Germany, France, United Kingdom, Netherlands, Japan, South Korea, Australia, Canada, Singapore
Indicators of Compromise
Technical Details
- UUID: fa6aa843-efeb-47d1-aeb4-37679b1ae471
- Original timestamp: 1772463610
Threat ID: 69a5af5e32ffcdb8a243307b
Added to database: 3/2/2026, 3:40:14 PM
Last enriched: 3/2/2026, 3:55:29 PM
Last updated: 3/2/2026, 10:41:35 PM