Maltrail IOC for 2026-03-12
The provided information describes a Maltrail Indicator of Compromise (IOC) dated March 12, 2026, sourced from the CIRCL OSINT feed. It is classified as malware-related network activity with a medium risk level. No specific affected versions, exploits in the wild, or patches are indicated. The IOC appears to be an observation from open-source intelligence without detailed technical indicators or attack vectors. Due to the lack of detailed technical data and absence of known exploits, the threat is assessed as medium severity. Organizations should monitor network traffic for suspicious activity and maintain updated threat intelligence feeds. The threat is relevant globally but especially for countries with high internet infrastructure usage and malware monitoring capabilities. Practical mitigations include enhancing network monitoring, employing threat intelligence integration, and ensuring incident response readiness. No direct CVSS score is available, so severity is based on potential impact and available data.
AI Analysis
Technical Summary
This threat report concerns a Maltrail IOC dated March 12, 2026, sourced from the CIRCL OSINT feed, which is a recognized open-source intelligence provider. Maltrail is a network traffic detection system that identifies suspicious or malicious activity by analyzing network traffic patterns and known indicators. The IOC is categorized under malware and network activity, indicating detection of potentially malicious network behavior. However, the report lacks specific technical indicators such as IP addresses, domain names, or file hashes, and no affected software versions or exploits in the wild are reported. The medium severity classification suggests a moderate risk based on observed network activity rather than confirmed active exploitation. The absence of patches or mitigation links implies this is an observational report rather than a vulnerability requiring immediate remediation. The technical details include a UUID and a timestamp but no further actionable data. This type of IOC is typically used by security teams to update detection rules and enhance monitoring capabilities rather than to respond to an active exploit campaign. The threat intelligence is tagged as unsupervised manual collection, indicating it was gathered through manual OSINT methods without automated validation. Overall, this IOC serves as a network threat indicator to be integrated into security monitoring systems to detect potential malware-related network anomalies.
Potential Impact
The potential impact of this IOC is primarily on network security monitoring and threat detection capabilities. Organizations worldwide could experience increased detection of suspicious network activity related to malware, enabling earlier identification of potential compromises. However, since no active exploits or specific malware payloads are identified, the direct impact on confidentiality, integrity, or availability is limited unless correlated with other threat intelligence. The medium severity suggests that while the threat is notable, it does not represent an immediate or critical risk. Organizations lacking robust network monitoring may miss early signs of malware activity, potentially leading to delayed incident response. Conversely, those with mature security operations can leverage this IOC to enhance detection and reduce dwell time of threats. The absence of patchable vulnerabilities means the impact is more about detection and response rather than prevention through software updates. Overall, the impact is moderate and focused on improving situational awareness and network defense posture.
Mitigation Recommendations
To effectively mitigate risks associated with this IOC, organizations should integrate the Maltrail IOC data into their existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS). Enhancing network traffic analysis capabilities to detect anomalies consistent with malware activity is critical. Regularly updating threat intelligence feeds, including CIRCL OSINT and Maltrail data, ensures timely detection of emerging threats. Security teams should conduct proactive network traffic baselining to distinguish normal from suspicious behavior. Implementing network segmentation can limit lateral movement if malware is detected. Incident response plans should be updated to include procedures for investigating and responding to network activity alerts derived from such IOCs. Additionally, organizations should train security analysts to interpret and act on OSINT-derived indicators, given their unsupervised collection nature. Since no patches are available, focusing on detection, monitoring, and rapid response is essential. Finally, sharing findings and IOC updates with trusted cybersecurity communities can enhance collective defense.
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Netherlands, Japan, South Korea, Singapore
Indicators of Compromise
- url: https://x.com/AlvieriD/status/2032043921417629821
- domain: m3ksukzn2glzfdvlusohril7n3iyk4z4fudf6mm22lwhpbpt5aiee5qd.onion
- url: https://api.github.com/repos/stamparm/maltrail/commits/e3ac949320c094f911ba09b6ef68f5378a002b98
- url: https://api.github.com/repos/stamparm/maltrail/commits/7cb9808884c586e4a83165a7316d879d69bab1f1
- ip: 178.16.55.40
- ip: 198.251.89.239
- url: https://api.github.com/repos/stamparm/maltrail/commits/4331a6ed028934f99d6525cf9299999f466f81b5
- url: https://mp.weixin.qq.com/s/0M1sZq1HqwAAaMbRDBEZEw
- domain: coco2-hram.com
- domain: install-files.com
- domain: jaxfamilylawyers.com
- domain: claude-code-docs-app.craft.me
- domain: claude-code.install-files.com
- domain: docs-claude-code-app.squarespace.com
- domain: google-notebooklm.install-files.com
- domain: kimi.install-files.com
- domain: mac-storage-optimazer.craft.me
- domain: macstorage-cleaner.craft.me
- domain: notebooklm-last-version.squarespace.com
- domain: openclaw-dwnl.squarespace.com
- domain: openclaw.install-files.com
- domain: qwen.install-files.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/82b9780f692eecee85acd05b98f255c7f1647b00
- url: https://x.com/volrant136/status/2032133065666089160
- domain: zimbramail-nayatel.leapcell.app
- url: https://api.github.com/repos/stamparm/maltrail/commits/05552d0c7a7a2ec985da85ae8a040f8c624c3050
- url: https://x.com/JAMESWT_WT/status/2032145505128444267
- url: https://www.virustotal.com/gui/file/876d5fdf5addc3f5e2987e841954248a4d15d9ecaca74ef317d76459f2cb3f13/detection
- ip: 172.94.9.4
AI-Powered Analysis
Potential Impact
The potential impact of this IOC is primarily on network security monitoring and threat detection capabilities. Organizations worldwide could experience increased detection of suspicious network activity related to malware, enabling earlier identification of potential compromises. However, since no active exploits or specific malware payloads are identified, the direct impact on confidentiality, integrity, or availability is limited unless correlated with other threat intelligence. The medium severity suggests that while the threat is notable, it does not represent an immediate or critical risk. Organizations lacking robust network monitoring may miss early signs of malware activity, potentially leading to delayed incident response. Conversely, those with mature security operations can leverage this IOC to enhance detection and reduce dwell time of threats. The absence of patchable vulnerabilities means the impact is more about detection and response rather than prevention through software updates. Overall, the impact is moderate and focused on improving situational awareness and network defense posture.
Mitigation Recommendations
To effectively mitigate risks associated with this IOC, organizations should integrate the Maltrail IOC data into their existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS). Enhancing network traffic analysis capabilities to detect anomalies consistent with malware activity is critical. Regularly updating threat intelligence feeds, including CIRCL OSINT and Maltrail data, ensures timely detection of emerging threats. Security teams should conduct proactive network traffic baselining to distinguish normal from suspicious behavior. Implementing network segmentation can limit lateral movement if malware is detected. Incident response plans should be updated to include procedures for investigating and responding to network activity alerts derived from such IOCs. Additionally, organizations should train security analysts to interpret and act on OSINT-derived indicators, given their unsupervised collection nature. Since no patches are available, focusing on detection, monitoring, and rapid response is essential. Finally, sharing findings and IOC updates with trusted cybersecurity communities can enhance collective defense.
Technical Details
- Uuid: 50a92044-100a-483c-91fa-21439acde32f
- Original Timestamp: 1773342006
Indicators of Compromise
domainwazupobaexcapital.digital | — | |
domainwehapaxifiainvestments36.digital | — | |
domainwenaxatidouscollective2026.click | — | |
domainwexitalabuisoperations8.digital | — | |
domainwezeqesoiaventuresltd.click | — | |
domainwicewogozumcollective.digital | — | |
domainwikemuteonmanagement.digital | — | |
domainwixodokiquscollective16.click | — | |
domainwodebocofaorresources.digital | — | |
domainwohopibonadvisory.digital | — | |
domainwowikoonsolutions.digital | — | |
domainwucireqosusgroup.digital | — | |
domainwupevefoisservices.click | — | |
domainxafadusuzonpartners.digital | — | |
domainxalelovoaresourcesltd.digital | — | |
domainxaloriventa.sbs | — | |
domainxekiduqijorconsulting.digital | — | |
domainxekifahonadvisory.click | — | |
domainxeqenerepeexconsulting2026.digital | — | |
domainxicexapiongroup24.digital | — | |
domainxunufoxiumconsulting64.click | — | |
domainxusokibusconsulting99.digital | — | |
domainyabimiexpartners.click | — | |
domainyanotagiqaaanalytics26.digital | — | |
domainyanujiacapital.digital | — | |
domainyedofoonindustriesco.click | — | |
domainyeyubaboroorventures.digital | — | |
domainyicasomalexoperations.digital | — | |
domainyigekumihonsolutions.click | — | |
domainyiwurupusanalytics12.digital | — | |
domainyoraleisindustries.click | — | |
domainyoyejuquporcollective.click | — | |
domainzahazousventures.click | — | |
domainzelatrixone.sbs | — | |
domainzenithsynthstack.digital | — | |
domainzepharionexo.sbs | — | |
domainzeporapiiaadvisoryco.click | — | |
domainzimatiyonresources.click | — | |
domainzitzithstudioco.click | — | |
domainzobajewupexsolutions.digital | — | |
domainzohonodexservices.digital | — | |
domainzoyicasuqexindustries12.digital | — | |
domainzuhurovawuisindustries.digital | — | |
domainzumimeteciaresources.digital | — | |
domainzuzihamooranalytics.digital | — | |
domainauth09-internalreview2.digital | ek_clearfake | |
domainauthweb08-pagesec8.sbs | ek_clearfake | |
domaincp-input-tvp.com | ek_clearfake | |
domainmetrobankonline.live | ek_clearfake | |
domainnew-coptivbk-check.com | ek_clearfake | |
domaintraderepublic-service.im | ek_clearfake | |
domainapple.support-page-1519.com | osx_atomic | |
domainstorgvkam.pages.dev | osx_atomic | |
domainsupport-page-1519.com | osx_atomic | |
domainamericasgrocerystore.com | osx_atomic | |
domaincravinghour.com | osx_atomic | |
domaindesmondswayne.com | osx_atomic | |
domaindibocars.com | osx_atomic | |
domainfreedomairlinekenya.com | osx_atomic | |
domainkouncel-eg.com | osx_atomic | |
domainteccat-store.com | osx_atomic | |
domainvlablast.com | osx_atomic | |
domainairdefence.gl | lummac2 | |
domaindeluxe.gl | lummac2 | |
domainexplorer.vg | lummac2 | |
domaingithub-repository.gl | lummac2 | |
domainkrd-ugpromt.com | lummac2 | |
domainmicroservice.gl | lummac2 | |
domaingolem.com | domain | |
domainmnogolik002.xyz | pua | |
domaincloudc2.exchagetech.ca | hak5cloud_c2 | |
domainhandbags-upgrades-magnitude-direct.trycloudflare.com | generic | |
domainads-home.online | android_bankbot | |
domainconsultaempresa.online | android_bankbot | |
domaineurobic.site | android_bankbot | |
domainreceita-fazendaguias.site | android_bankbot | |
domainsosyalajansiniz.com | android_bankbot | |
domainzekeriamusic.com | android_bankbot | |
domainadimplementors.com | android_bankbot | |
domainadsgoogie.online | android_bankbot | |
domainbbves.online | android_bankbot | |
domainbiton.finance | android_bankbot | |
domainbits0fgold.li | android_bankbot | |
domainblt2c.site | android_bankbot | |
domainbusssines.online | android_bankbot | |
domaincoinmannia.online | android_bankbot | |
domaincoinult.site | android_bankbot | |
domaincoirnmania.online | android_bankbot | |
domaindexclaim-app.info | android_bankbot | |
domaindlnetpo.tk | android_bankbot | |
domaindlnetseg.tk | android_bankbot | |
domaineurobic.pl | android_bankbot | |
domaingamexgala.com | android_bankbot | |
domainmsdvertsgn.digital | android_bankbot | |
domainn0vadax.online | android_bankbot | |
domainnovadlax.com | android_bankbot | |
domainnovoweb66.com | android_bankbot | |
domainplataformads.info | android_bankbot | |
domainpromoradiosucesso.com | android_bankbot | |
domainpromosepotify.com | android_bankbot | |
domainsolscans.info | android_bankbot | |
domainsupermercadomk.site | android_bankbot | |
domaintrafficshareaholic.online | android_bankbot | |
domainvaidevisa-landing.online | android_bankbot | |
domainvaleltax.com | android_bankbot | |
domainvaleltaxtradling.online | android_bankbot | |
domainzaillf.online | android_bankbot | |
domainzengardenassociates.com | android_bankbot | |
domaingovpoll.icu | magentocore | |
domainregiftee.com | magentocore | |
domainwebanalytics-cdn.cyou | magentocore | |
domainwebanalytics-cdn.icu | magentocore | |
domainwebanalytics-cdn.sbs | magentocore | |
domainjslibrariescdn.com | magentocore | |
domainwebanalytics-cdn.cfd | magentocore | |
domaineast.jslibrariescdn.com | magentocore | |
domainnorth.jslibrariescdn.com | magentocore | |
domainnorth-east.jslibrariescdn.com | magentocore | |
domainsouth.jslibrariescdn.com | magentocore | |
domainwest.jslibrariescdn.com | magentocore | |
domainfrogpav.com | android_bankbot | |
domainplataformadireta.one | android_bankbot | |
domaincdcmn.edu.bd | vidar | |
domaincloudvaly.com | vidar | |
domainrrg.cdcmn.edu.bd | vidar | |
domaintrx.cdcmn.edu.bd | vidar | |
domainbek.cloudvaly.com | vidar | |
domaincsp.cloudvaly.com | vidar | |
domaingty.cloudvaly.com | vidar | |
domainkec.cloudvaly.com | vidar | |
domainlts.cloudvaly.com | vidar | |
domainpov.cloudvaly.com | vidar | |
domainspf.cloudvaly.com | vidar | |
domaintor.cloudvaly.com | vidar | |
domainalianzeg.shop | ek_clearfake | |
domaincaptiort.shop | ek_clearfake | |
domaincaptioz.shop | ek_clearfake | |
domaingetalia.org | ek_clearfake | |
domaingetalib.org | ek_clearfake | |
domaingieable.shop | ek_clearfake | |
domaingoarnsds.shop | ek_clearfake | |
domaingorscts.shop | ek_clearfake | |
domaingoveanrs.org | ek_clearfake | |
domaingovearali.org | ek_clearfake | |
domaingreecpt.shop | ek_clearfake | |
domainligovera.shop | ek_clearfake | |
domainnamsioc.shop | ek_clearfake | |
domainnamzcp.org | ek_clearfake | |
domainnewtdsone.shop | ek_clearfake | |
domainztdaliweb.shop | ek_clearfake | |
domainzhivachkapro.com | ek_clearfake | |
domaindsennbuappec.zhivachkapro.com | ek_clearfake | |
domainqzfzxaizaliw.zhivachkapro.com | ek_clearfake | |
domainalumnosanitaeter.info | fakeapp | |
domainauthopnarma.top | fakeapp | |
domainayto-alcaladehenares.top | fakeapp | |
domainbitdforge.digital | fakeapp | |
domainblackchina.info | fakeapp | |
domaincastielgroup.top | fakeapp | |
domainclevorion.digital | fakeapp | |
domaincorepulseicux.digital | fakeapp | |
domaincoreshifticux.digital | fakeapp | |
domaincyberauthnova.top | fakeapp | |
domaindatacrafticux.digital | fakeapp | |
domaindeltapoinat.info | fakeapp | |
domaindelvdaris.info | fakeapp | |
domaindischool.top | fakeapp | |
domaineverestschool.top | fakeapp | |
domainfagval.top | fakeapp | |
domainferventa.info | fakeapp | |
domainfreemancan.top | fakeapp | |
domaingeomonit.top | fakeapp | |
domaingravonixis.digital | fakeapp | |
domaingroventris.digital | fakeapp | |
domainhansenbeck.top | fakeapp | |
domainilventra.info | fakeapp | |
domainilytronix.digital | fakeapp | |
domaininovrya.digital | fakeapp | |
domainjaventria.digital | fakeapp | |
domainjorvantis.digital | fakeapp | |
domainkavinengg.top | fakeapp | |
domainlyvantor.digital | fakeapp | |
domainlyventara.info | fakeapp | |
domainmjbmt.top | fakeapp | |
domainmoralzarzal.top | fakeapp | |
domainmornexis.digital | fakeapp | |
domainmunicipalidadchillan.top | fakeapp | |
domainnerovantis.digital | fakeapp | |
domainomniacore.digital | fakeapp | |
domainoryntal.digital | fakeapp | |
domainoxantra.info | fakeapp | |
domainparvantis.info | fakeapp | |
domainpixeldenzone.top | fakeapp | |
domainprimevxanta.info | fakeapp | |
domainprivelta.info | fakeapp | |
domainprysmoria.digital | fakeapp | |
domainprystoria.digital | fakeapp | |
domainpulseforgeicux.digital | fakeapp | |
domainqentrios.digital | fakeapp | |
domainquantumcoreicux.digital | fakeapp | |
domainquantumrise.digital | fakeapp | |
domainquentrios.digital | fakeapp | |
domainquivelta.info | fakeapp | |
domainroyalschool.top | fakeapp | |
domainservanta.info | fakeapp | |
domainsignalmatrixicux.digital | fakeapp | |
domainsolvatrix.info | fakeapp | |
domainsolvenwtra.info | fakeapp | |
domainsolxvanta.info | fakeapp | |
domainsovereignix.info | fakeapp | |
domainstreamsphereicux.digital | fakeapp | |
domainsynercore.info | fakeapp | |
domaintraxionis.info | fakeapp | |
domaintrivantaw.info | fakeapp | |
domaintrovantis.digital | fakeapp | |
domainulventis.info | fakeapp | |
domainvarnaxis.info | fakeapp | |
domainvectivex.info | fakeapp | |
domainvectornet.digital | fakeapp | |
domainvehicentro.top | fakeapp | |
domainveracode.top | fakeapp | |
domainveranix.info | fakeapp | |
domainveridantix.info | fakeapp | |
domainveriqrypt.top | fakeapp | |
domainvertexia.info | fakeapp | |
domainvynestris.digital | fakeapp | |
domainwatersealuae.top | fakeapp | |
domainworkvanta.info | fakeapp | |
domainwornaxis.info | fakeapp | |
domainxornaxis.info | fakeapp | |
domainyorvantra.digital | fakeapp | |
domainzacftve.digital | fakeapp | |
domainzalentris.info | fakeapp | |
domainzandaris.info | fakeapp | |
domainzanteros.info | fakeapp | |
domainzarmetis.info | fakeapp | |
domainzarnetrix.info | fakeapp | |
domainzarnotis.info | fakeapp | |
domainzavalon.info | fakeapp | |
domainzearonis.info | fakeapp | |
domainzenfira.info | fakeapp | |
domainzenlatis.info | fakeapp | |
domainzenquate.info | fakeapp | |
domainzentaris.info | fakeapp | |
domainzentavix.info | fakeapp | |
domainzenvaris.info | fakeapp | |
domainzenviro.info | fakeapp | |
domainzephyria.info | fakeapp | |
domainzervantia.info | fakeapp | |
domainzervonis.info | fakeapp | |
domainzmcftetric.digital | fakeapp | |
domainzomentis.info | fakeapp | |
domainzomsera.info | fakeapp | |
domainzorantis.info | fakeapp | |
domainzorarntis.info | fakeapp | |
domainzoravian.info | fakeapp | |
domainzorelix.info | fakeapp | |
domainzoritha.info | fakeapp | |
domainzornalix.info | fakeapp | |
domainzornelix.info | fakeapp | |
domainzorvanta.info | fakeapp | |
domainzorvesntis.info | fakeapp | |
domainzoryntis.info | fakeapp | |
domainzosntrix.info | fakeapp | |
domainzovarnis.info | fakeapp | |
domainzoventrix.info | fakeapp | |
domainzulventra.info | fakeapp | |
domainzumarix.info | fakeapp | |
domainzumintra.info | fakeapp | |
domainzunaris.info | fakeapp | |
domainzuvantis.info | fakeapp | |
domainzuvoria.info | fakeapp | |
domainzycftno.digital | fakeapp | |
domainzylantis.info | fakeapp | |
domainzylentara.info | fakeapp | |
domainzylesntis.info | fakeapp | |
domainzylontra.info | fakeapp | |
domainzylora.info | fakeapp | |
domainzylorantis.info | fakeapp | |
domainzylorion.info | fakeapp | |
domainzylvantis.info | fakeapp | |
domainzylventis.info | fakeapp | |
domainzynatrix.info | fakeapp | |
domainzyraltris.info | fakeapp | |
domainzyrenstis.info | fakeapp | |
domainzyrontis.info | fakeapp | |
domainsecuredoc.fagval.top | fakeapp | |
domainm3ksukzn2glzfdvlusohril7n3iyk4z4fudf6mm22lwhpbpt5aiee5qd.onion | exitium | |
domaincoco2-hram.com | osx_atomic | |
domaininstall-files.com | osx_atomic | |
domainjaxfamilylawyers.com | osx_atomic | |
domainclaude-code-docs-app.craft.me | osx_atomic | |
domainclaude-code.install-files.com | osx_atomic | |
domaindocs-claude-code-app.squarespace.com | osx_atomic | |
domaingoogle-notebooklm.install-files.com | osx_atomic | |
domainkimi.install-files.com | osx_atomic | |
domainmac-storage-optimazer.craft.me | osx_atomic | |
domainmacstorage-cleaner.craft.me | osx_atomic | |
domainnotebooklm-last-version.squarespace.com | osx_atomic | |
domainopenclaw-dwnl.squarespace.com | osx_atomic | |
domainopenclaw.install-files.com | osx_atomic | |
domainqwen.install-files.com | osx_atomic | |
domainzimbramail-nayatel.leapcell.app | apt_sidewinder |
Threat ID: 69b46b7a2f860ef94391c798
Added to database: 3/13/2026, 7:54:34 PM
Last enriched: 3/13/2026, 7:55:02 PM
Last updated: 3/14/2026, 3:29:08 AM