Maltrail IOC for 2026-03-25
AI Analysis
Technical Summary
The provided information describes a malware-related Indicator of Compromise (IOC) identified on March 25, 2026, sourced from the CIRCL OSINT Feed and disseminated under the Traffic Light Protocol (TLP) classification of clear. The IOC is part of Maltrail, a network traffic detection system designed to identify suspicious or malicious network activity. However, the data lacks specific technical indicators such as IP addresses, domain names, file hashes, or behavioral patterns that would allow precise identification or mitigation. No affected software versions or products are listed, and no patches or fixes are available, indicating this is an observational report rather than a vulnerability announcement. The threat is tagged with medium severity, reflecting a moderate risk level based on the nature of the malware and network activity observed. There are no known exploits in the wild, suggesting the threat is either emerging or not actively weaponized at this time. The event is classified as an OSINT observation with unsupervised automation, implying it was collected manually and may require further validation. The lack of CWE identifiers and detailed technical data limits the ability to perform deep forensic or incident response actions. This IOC serves primarily as a situational awareness tool for security teams to enhance monitoring and detection capabilities within their network environments.
Potential Impact
The potential impact of this threat is moderate given the medium severity rating and the absence of known active exploits. Organizations worldwide could face increased risk of network intrusion attempts or malware infections if this IOC corresponds to emerging malicious activity. Without specific indicators, the threat may evade detection by traditional signature-based defenses, potentially allowing attackers to establish footholds or exfiltrate data. The lack of patches means that mitigation relies heavily on detection and response rather than vulnerability remediation. If exploited, impacts could include compromised confidentiality through data leakage, integrity violations via unauthorized modifications, and availability disruptions from malware operations. However, the current lack of active exploitation and detailed indicators suggests the immediate risk is contained. Organizations with mature network monitoring and threat intelligence integration are better positioned to detect and mitigate any attempts leveraging this IOC. Conversely, entities lacking such capabilities may experience delayed detection and response, increasing potential damage.
Mitigation Recommendations
To mitigate risks associated with this IOC, organizations should:
1) Integrate Maltrail and CIRCL OSINT feeds into their Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS) to enhance visibility of suspicious network activity.
2) Conduct regular network traffic analysis focusing on anomalies that could indicate malware communication or command and control activity, even in the absence of specific IOC details.
3) Employ behavioral analytics and anomaly detection tools to identify deviations from normal network patterns.
4) Maintain up-to-date endpoint protection and network segmentation to limit malware spread if infection occurs.
5) Train security teams to interpret OSINT threat intelligence critically, recognizing the difference between observational data and confirmed active threats.
6) Establish incident response playbooks that include procedures for handling emerging IOCs without direct exploit evidence.
7) Collaborate with threat intelligence sharing communities to receive updates if this IOC evolves into a more concrete threat.
8) Ensure robust logging and monitoring to facilitate forensic analysis if suspicious activity related to this IOC is detected.
These steps go beyond generic advice by emphasizing proactive network monitoring and intelligence integration tailored to the nature of this observational IOC.
Affected Countries
United States, Germany, France, United Kingdom, Netherlands, Japan, South Korea, Australia, Canada, Singapore
Indicators of Compromise
- domain: coeragent.com
- domain: comteagent.com
- domain: conenctagent.com
- domain: congiagent.com
- domain: cosimcagent.com
- domain: curretagent.com
- domain: cybreagent.com
- domain: deppagent.com
- domain: digiralagent.com
- domain: dremaagent.com
- domain: ecnoagent.com
- domain: falsheagent.com
- domain: flmaeagent.com
- domain: flwoagent.com
- domain: fuesagent.com
- domain: glimemragent.com
- domain: glwoagent.com
- domain: goelagent.com
- domain: grnadagent.com
- domain: gylphagent.com
- domain: haertagent.com
- domain: havneagent.com
- domain: hbubagent.com
- domain: helxiagent.com
- domain: hmoeagent.com
- domain: hoepagent.com
- domain: insihgtagent.com
- domain: jionagent.com
- domain: liefagent.com
- domain: ligthagent.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/ce09b2eb209b43e60d6a7a6a86d935c787b8990b
- domain: pms-pro.us
- domain: teams-downloadhub.com
- domain: teams-official.com
- domain: windows-conference.com
- url: https://api.github.com/repos/stamparm/maltrail/commits/34536ff561e8e460ba11a4b69a8b93cfe7be716d
- url: https://x.com/malwrhunterteam/status/2036713296686911496
- domain: official-teams-storage.com
Mitigation Recommendations
To mitigate risks associated with this IOC, organizations should:
1) Integrate Maltrail and CIRCL OSINT feeds into their Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS) to enhance visibility of suspicious network activity.
2) Conduct regular network traffic analysis focusing on anomalies that could indicate malware communication or command and control activity, even in the absence of specific IOC details.
3) Employ behavioral analytics and anomaly detection tools to identify deviations from normal network patterns.
4) Maintain up-to-date endpoint protection and network segmentation to limit malware spread if infection occurs.
5) Train security teams to interpret OSINT threat intelligence critically, recognizing the difference between observational data and confirmed active threats.
6) Establish incident response playbooks that include procedures for handling emerging IOCs without direct exploit evidence.
7) Collaborate with threat intelligence sharing communities to receive updates if this IOC evolves into a more concrete threat.
8) Ensure robust logging and monitoring to facilitate forensic analysis if suspicious activity related to this IOC is detected.
These steps go beyond generic advice by emphasizing proactive network monitoring and intelligence integration tailored to the nature of this observational IOC.
Technical Details
- Uuid: c3a6a834-b558-4d12-85a5-eacbdb26d643
- Original Timestamp: 1774447206
Indicators of Compromise
Url
Ip
Domain
| Value | Description | Copy |
|---|---|---|
domainmixoor.world | — | |
domainmockablespace.digital | — | |
domainmonadnetwork.app | — | |
domainmorbidflow.click | — | |
domainmullgrid.digital | — | |
domainmundillabs.click | — | |
domainmv.psmp.fun | — | |
domainmx.collectormigrate.xyz | — | |
domainn7.security-amlcheck.org | — | |
domainnajahak.net | — | |
domainnatestudio.click | — | |
domainncaj.me | — | |
domainne.l-una.com | — | |
domainneelghangridio.digital | — | |
domainnegatorycore.digital | — | |
domainneowheels.ru | — | |
domainnetidomexservicesnet.click | — | |
domainnipehekiciaconsultingnet.click | — | |
domainnovasmartstudio.click | — | |
domaino0.sgjodwdoofqw123dsx.com | — | |
domainobservercore.click | — | |
domainoffwardworks.digital | — | |
domainold.allrideschool.com | — | |
domainomniapexmetrics.click | — | |
domainomniprimecloud2.click | — | |
domainooliteflowco.digital | — | |
domainorbitglobalmesh.digital | — | |
domainordiaunitedcapital.digital | — | |
domainoutlook.live-id.online | — | |
domainpacacore.digital | — | |
domainpages-gists.com | — | |
domainpaidlestack.click | — | |
domainpalestineservers.com | — | |
domainpalsifyspace.digital | — | |
domainpasespace.digital | — | |
domainpaybacklayer.digital | — | |
domainpb.bullx.bio | — | |
domainpelmaticgrid.click | — | |
domainpercidaeworks.digital | — | |
domainperusaltechco.click | — | |
domainpetrogridco.click | — | |
domainphantom-cards.cc | — | |
domainphotonsol-tinyastro.xyz | — | |
domainpinfallcore.click | — | |
domainpl-dostawak.shop | — | |
domainplummiergrid.digital | — | |
domainpolitureworks.digital | — | |
domainportolanlabs.click | — | |
domainpotagegrid.click | — | |
domainpraxismodernpartners.click | — | |
domainpreclareflow.click | — | |
domainprotoneworks.click | — | |
domainpsmp.fun | — | |
domainpunchtoken.fun | — | |
domainpycnidstack.click | — | |
domainq3.solany.pw | — | |
domainqapaqidoorsolutions.digital | — | |
domainqemezeraaadvisory.click | — | |
domainqinegiyalisholdings.sbs | — | |
domainqoturocumservices.digital | — | |
domainquantum24analytics.forum | — | |
domainratfishspace.digital | — | |
domainratumeraheismanagement.click | — | |
domainraydiumapp.com | — | |
domainrekebumigaaresources.click | — | |
domainreporting.monadnetwork.app | — | |
domainrestantbase.digital | — | |
domainrise2alliance.click | — | |
domainriseglobalmodule.digital | — | |
domainrovetcloud.digital | — | |
domainrsvpstudio.click | — | |
domainrugmerfer.top | — | |
domainruyibepipaonventures.digital | — | |
domains0lana.com | — | |
domainsacepoqoiaanalytics8.digital | — | |
domainsamsarastudio.click | — | |
domainsecurity-amlcheck.org | — | |
domainsegocloud.click | — | |
domainservice.draerp.vn | — | |
domainseverallayer.digital | — | |
domainsgjodwdoofqw123dsx.com | — | |
domainsiacallelayer.click | — | |
domainsiriwanlifestyle.com | — | |
domainsithlabs.click | — | |
domainsky-flow.sbs | — | |
domainsleepishcoreio.click | — | |
domainsmart-path.click | — | |
domainsmartstructmetrics.sbs | — | |
domainsmervylayer.click | — | |
domainsmtp.ene-eme.com | — | |
domainsnipersys.com | — | |
domainsnowfowlbase.digital | — | |
domainso.live-id.online | — | |
domainsol-reward.space | — | |
domainsolana-advent.sbs | — | |
domainsolana-sniper-ai.icu | — | |
domainsolanadrops.fun | — | |
domainsolanarpc.space | — | |
domainsolany.pw | — | |
domainsolcult.live | — | |
domainsolhub.lol | — | |
domainsoljup.pro | — | |
domainsolmage.com | — | |
domainsolmultiply.shop | — | |
domainsolrotus.com | — | |
domainsolsroll.com | — | |
domainsolvia16ventures.click | — | |
domainsomerivexal.sbs | — | |
domainsomnifichub.click | — | |
domainsontagstack.digital | — | |
domainsornarebase.click | — | |
domainstaging.admin.statics.spincity.ai | — | |
domainstaratlas.world | — | |
domainstatic1.gum.ru | — | |
domainstickenhub.click | — | |
domainstritlabs.click | — | |
domainstruckengrid.click | — | |
domainsuedecore.digital | — | |
domainsulfurstack.digital | — | |
domainsummitmodernsolutions.click | — | |
domainsuperaffiliate.id | — | |
domainsupufuciaoperations.digital | — | |
domaint8.soljup.pro | — | |
domaintalusfoundation.com | — | |
domaintamapokotiiapartners.click | — | |
domaintauntonbase.click | — | |
domaintechnoflowhub.click | — | |
domaintechnosystems.click | — | |
domaintepuvakormanagement.digital | — | |
domainterispace.click | — | |
domainterrasolutionsly.sbs | — | |
domaintesseraegridio.digital | — | |
domaintetaninetechio.click | — | |
domaintezzles.xyz | — | |
domainthanantech.click | — | |
domainthevoidprotocol.fun | — | |
domainthewhitehouse.lat | — | |
domaintittyhub.click | — | |
domaintrysailcore.digital | — | |
domaintu.war-sol.com | — | |
domaintudelgrid.digital | — | |
domaintweellayer.click | — | |
domaintypicworks.click | — | |
domainuf.ur-store.io | — | |
domainulenoraxis.com | — | |
domainultimohub.digital | — | |
domainultragl-obalbureau.click | — | |
domainultramodule-101.buzz | — | |
domainuncinchflowio.digital | — | |
domainunderdogstudioio.digital | — | |
domainunshoutcloud.digital | — | |
domainunthornyworks.click | — | |
domainunwieldgrid.click | — | |
domainupsuckcoreco.click | — | |
domainur-store.io | — | |
domainus.blastfi.app | — | |
domainv.georgeplaysclashroyale.io | — | |
domainva.memedex.top | — | |
domainvelorixana.sbs | — | |
domainventuresorbitsystems.pics | — | |
domainveritacentralservicesltd.digital | — | |
domainverraystackio.digital | — | |
domainversinstack.click | — | |
domainveyuwufiscapital.click | — | |
domainviduguaresources.click | — | |
domainvortexaxisflow.digital | — | |
domainvotepump.fun | — | |
domainw9.photonsol-tinyastro.xyz | — | |
domainwakwaficore.digital | — | |
domainwanokoorsystems.digital | — | |
domainwar-sol.com | — | |
domainwatadoyejisholdings.digital | — | |
domainwaterefeumoperations.click | — | |
domainwebresolvvsol.xyz | — | |
domainwhatspie.com | — | |
domainwhitewhalememe.top | — | |
domainwilqauedarem.sbs | — | |
domainws.whatspie.com | — | |
domainx-money.lat | — | |
domainxq.chintai.live | — | |
domainxuqepinowasystems.click | — | |
domainxw.hw5wtsdm.top | — | |
domainy.jupchains.com | — | |
domainy3.linkierp.com | — | |
domainyabbilabs.click | — | |
domainyalebase.click | — | |
domainyelepepaorservices.click | — | |
domainyo.discordweb3guildguard.app | — | |
domainyp.devbyahe.xyz | — | |
domainyp.kmnocoin.run | — | |
domainys.solcult.live | — | |
domainyt.jupiters.icu | — | |
domainyv.solsroll.com | — | |
domainz8.mixoor.world | — | |
domainzb.votepump.fun | — | |
domainzc.solrotus.com | — | |
domainzero69-safe.online | — | |
domainncdxbk.com | powershell_injector | |
domainvstoki.com | powershell_injector | |
domain025f.cjmekxr.xyz | apt_unc6691 | |
domain07f61.ncjqeyid.com | apt_unc6691 | |
domain12cc.thqirrxu.com | apt_unc6691 | |
domain9f0.ncjqeyid.com | apt_unc6691 | |
domaina1b2.icu | apt_unc6691 | |
domaina84.cjmekxr.xyz | apt_unc6691 | |
domainadbmdomt.top | apt_unc6691 | |
domainalbssssex1.com | apt_unc6691 | |
domainalbssssex10.com | apt_unc6691 | |
domainalbssssex2.com | apt_unc6691 | |
domainalbssssex3.com | apt_unc6691 | |
domainalbssssex4.com | apt_unc6691 | |
domainalbssssex5.com | apt_unc6691 | |
domainalbssssex6.com | apt_unc6691 | |
domainalbssssex7.com | apt_unc6691 | |
domainalbssssex8.com | apt_unc6691 | |
domainalbssssex9.com | apt_unc6691 | |
domainaoiqi.com | apt_unc6691 | |
domainassetvanta.com | apt_unc6691 | |
domainb4689.ncjqeyid.com | apt_unc6691 | |
domainbgubt.com | apt_unc6691 | |
domaincjmekxr.xyz | apt_unc6691 | |
domaincnssssex1.com | apt_unc6691 | |
domaincnssssex10.com | apt_unc6691 | |
domaincnssssex2.com | apt_unc6691 | |
domaincnssssex3.com | apt_unc6691 | |
domaincnssssex4.com | apt_unc6691 | |
domaincnssssex5.com | apt_unc6691 | |
domaincnssssex7.com | apt_unc6691 | |
domaincnssssex8.com | apt_unc6691 | |
domaincnssssex9.com | apt_unc6691 | |
domaincryptonews1.com | apt_unc6691 | |
domaincryptonews2.com | apt_unc6691 | |
domaincryptonews3.com | apt_unc6691 | |
domaincryptonews4.com | apt_unc6691 | |
domaincryptonews5.com | apt_unc6691 | |
domaindemo.serve6688.com | apt_unc6691 | |
domaindnmmo.com | apt_unc6691 | |
domainen.assetvanta.com | apt_unc6691 | |
domainen.vaultnoble.com | apt_unc6691 | |
domainenssssex1.com | apt_unc6691 | |
domainenssssex10.com | apt_unc6691 | |
domainenssssex2.com | apt_unc6691 | |
domainenssssex3.com | apt_unc6691 | |
domainenssssex4.com | apt_unc6691 | |
domainenssssex5.com | apt_unc6691 | |
domainenssssex6.com | apt_unc6691 | |
domainenssssex7.com | apt_unc6691 | |
domainenssssex9.com | apt_unc6691 | |
domainfltue.com | apt_unc6691 | |
domainhk.assetvanta.com | apt_unc6691 | |
domainhk.vaultnoble.com | apt_unc6691 | |
domainhkcapitalsafe.com | apt_unc6691 | |
domainhkfamilyasset.com | apt_unc6691 | |
domainhkkeycontrol.com | apt_unc6691 | |
domainhkkeycontrol.vip | apt_unc6691 | |
domainhkprivateasset.com | apt_unc6691 | |
domainhktradeharbor.com | apt_unc6691 | |
domainhktrustadvisory.com | apt_unc6691 | |
domainjpassetpreserve.com | apt_unc6691 | |
domainjpfamilysecure.com | apt_unc6691 | |
domainjptechshield.com | apt_unc6691 | |
domainjptradingasset.com | apt_unc6691 | |
domainjptrustadvisory.com | apt_unc6691 | |
domainjpwealthguard.com | apt_unc6691 | |
domainnaohgnw.com | apt_unc6691 | |
domainncjqeyid.com | apt_unc6691 | |
domainnew-style-luxury.com | apt_unc6691 | |
domainnewsforcrypto1.com | apt_unc6691 | |
domainnewsforcrypto2.com | apt_unc6691 | |
domainnewsforcrypto3.com | apt_unc6691 | |
domainnewsforcrypto4.com | apt_unc6691 | |
domainnewsforcrypto5.com | apt_unc6691 | |
domainnm.sod555.com | apt_unc6691 | |
domainqvgbr.com | apt_unc6691 | |
domainserve6688.com | apt_unc6691 | |
domainsod555.com | apt_unc6691 | |
domainthqirrxu.com | apt_unc6691 | |
domaintvyuuuuce1.com | apt_unc6691 | |
domaintvyuuuuce10.com | apt_unc6691 | |
domaintvyuuuuce2.com | apt_unc6691 | |
domaintvyuuuuce3.com | apt_unc6691 | |
domaintvyuuuuce4.com | apt_unc6691 | |
domaintvyuuuuce6.com | apt_unc6691 | |
domaintvyuuuuce7.com | apt_unc6691 | |
domaintvyuuuuce8.com | apt_unc6691 | |
domaintvyuuuuce9.com | apt_unc6691 | |
domaintw.assetvanta.com | apt_unc6691 | |
domaintw.vaultnoble.com | apt_unc6691 | |
domainvaultnoble.com | apt_unc6691 | |
domainwd.cjmekxr.xyz | apt_unc6691 | |
domainxw.ncjqeyid.com | apt_unc6691 | |
domainy1.adbmdomt.top | apt_unc6691 | |
domainataas.cl | apt_sandworm | |
domainchecksystem.nl | apt_sandworm | |
domaindeltaexchange.net | apt_sandworm | |
domainmscloudedge.com | apt_sandworm | |
domainsmartscreenua.com | apt_sandworm | |
domainxtreme-vision.net | apt_sandworm | |
domainapidocs.ataas.cl | apt_sandworm | |
domainovhphpmyadmin.xtreme-vision.net | apt_sandworm | |
domainanimalsviewstory.com | fakeapp | |
domainblogpostmessage.com | fakeapp | |
domaincreativecurrentmedia.com | fakeapp | |
domaindailydoodleart.com | fakeapp | |
domainoiedra.com | fakeapp | |
domainuoidsod.com | fakeapp | |
domainwandertalesblog.com | fakeapp | |
domaindopoboulogne.com | ek_clearfake | |
domainexcel-piscines.com | ek_clearfake | |
domainlandbankseeds.com | ek_clearfake | |
domainup2you37.fr | ek_clearfake | |
domainaxsiagent.com | osx_atomic | |
domainbeaocnagent.com | osx_atomic | |
domainblnedagent.com | osx_atomic | |
domainbnodagent.com | osx_atomic | |
domainbodlagent.com | osx_atomic | |
domainbrigthagent.com | osx_atomic | |
domainchianagent.com | osx_atomic | |
domaincleraagent.com | osx_atomic | |
domainclveeragent.com | osx_atomic | |
domaincodxeagent.com | osx_atomic | |
domaincoeragent.com | osx_atomic | |
domaincomteagent.com | osx_atomic | |
domainconenctagent.com | osx_atomic | |
domaincongiagent.com | osx_atomic | |
domaincosimcagent.com | osx_atomic | |
domaincurretagent.com | osx_atomic | |
domaincybreagent.com | osx_atomic | |
domaindeppagent.com | osx_atomic | |
domaindigiralagent.com | osx_atomic | |
domaindremaagent.com | osx_atomic | |
domainecnoagent.com | osx_atomic | |
domainfalsheagent.com | osx_atomic | |
domainflmaeagent.com | osx_atomic | |
domainflwoagent.com | osx_atomic | |
domainfuesagent.com | osx_atomic | |
domainglimemragent.com | osx_atomic | |
domainglwoagent.com | osx_atomic | |
domaingoelagent.com | osx_atomic | |
domaingrnadagent.com | osx_atomic | |
domaingylphagent.com | osx_atomic | |
domainhaertagent.com | osx_atomic | |
domainhavneagent.com | osx_atomic | |
domainhbubagent.com | osx_atomic | |
domainhelxiagent.com | osx_atomic | |
domainhmoeagent.com | osx_atomic | |
domainhoepagent.com | osx_atomic | |
domaininsihgtagent.com | osx_atomic | |
domainjionagent.com | osx_atomic | |
domainliefagent.com | osx_atomic | |
domainligthagent.com | osx_atomic | |
domainpms-pro.us | fakeapp | |
domainteams-downloadhub.com | fakeapp | |
domainteams-official.com | fakeapp | |
domainwindows-conference.com | fakeapp | |
domainofficial-teams-storage.com | fakeapp |
Threat ID: 69c3f89bf4197a8e3b58cf35
Added to database: 3/25/2026, 3:00:43 PM
Last enriched: 3/25/2026, 3:17:10 PM
Last updated: 3/26/2026, 6:22:51 AM