Maltrail IOC for 2026-05-05
This entry reports a Maltrail Indicator of Compromise (IOC) dated 2026-05-05, sourced from the CIRCL OSINT Feed. It is categorized as malware-related network activity with a medium severity rating. No specific affected versions or technical exploit details are provided. There is no patch available, and no known exploits in the wild have been identified. The information is based on open-source intelligence and manual collection methods.
AI Analysis
Technical Summary
The report details a Maltrail IOC for 2026-05-05 indicating potential malware-related network activity. The data originates from CIRCL's OSINT feed and is classified as medium risk. No affected software versions or specific vulnerabilities are noted, and no exploits have been confirmed in the wild. The IOC serves as an observational indicator rather than a description of a specific vulnerability or active exploit.
Potential Impact
The impact is currently limited to the identification of suspicious or malicious network activity as indicated by the IOC. There are no confirmed exploits or direct attacks associated with this IOC at this time. The medium severity suggests a moderate level of concern but no immediate critical threat.
Mitigation Recommendations
No patch or official remediation is available for this IOC. Security teams should consider integrating this IOC into their detection and monitoring systems to identify potential related network activity. Since this is an observational indicator from OSINT, no direct remediation actions are specified.
Indicators of Compromise
- url: https://api.github.com/repos/stamparm/maltrail/commits/06b9fe434a13f7d8867bb3b41f3f672a71ec46d7
- url: https://x.com/smica83/status/2051408261753053451
- url: https://www.virustotal.com/gui/file/e28825d93ba61c9e7e1c7b2cc31b32c7be0482ec2edae0c3a54fc9f3cd483058/detection
- ip: 103.119.47.218
- ip: 103.119.47.241
- ip: 103.214.147.181
- ip: 103.214.147.184
- ip: 179.60.145.198
- ip: 179.60.145.219
- ip: 179.60.149.102
- ip: 185.232.67.245
- ip: 185.55.242.133
- ip: 185.55.242.202
- ip: 193.24.211.227
- ip: 193.24.211.240
- ip: 193.24.211.251
- ip: 200.107.207.42
- ip: 200.107.207.46
- ip: 45.13.212.236
- ip: 45.13.212.245
- ip: 45.13.212.254
- ip: 45.142.195.121
- ip: 45.182.189.117
- ip: 5.188.86.163
- ip: 5.188.86.170
- ip: 5.188.86.180
- ip: 5.188.86.188
- ip: 5.188.87.49
- ip: 62.164.177.227
- ip: 62.164.177.229
- ip: 62.164.177.240
- ip: 62.164.177.250
- ip: 62.164.177.254
- ip: 88.214.25.198
- ip: 88.214.27.43
- ip: 91.191.209.90
- ip: 91.199.163.51
- ip: 91.199.163.53
- ip: 91.199.163.63
- ip: 91.199.163.72
- domain: anthodisk.com
- domain: expmle.ink
- domain: lipontrent.com
- domain: scrappd.ink
- url: https://api.github.com/repos/stamparm/maltrail/commits/17fafb8d130fe54b329fa58c900963cb8d3e0ddb
- url: https://x.com/smica83/status/2051402222458544341
- url: https://www.virustotal.com/gui/file/4e8bad3dd8b3805b02a96b79c3b109e9a0ffb3e6c2efbbce25bd0b71efaf7aed/detection
- ip: 104.194.152.199
- url: https://api.github.com/repos/stamparm/maltrail/commits/4a551fa39da4bfc139d6e486ffa2e04c0219ce4e
- url: https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications
- url: https://github.com/Cisco-Talos/IOCs/blob/main/2026/04/uat-10608.txt
- url: https://x.com/malwrhunterteam/status/2051403187282685981
- ip: 144.172.102.88
- ip: 144.172.112.136
- ip: 144.172.117.112
- ip: 172.86.127.128
- ip: 144.172.116.48
- ip: 178.128.41.3
- ip: 216.126.225.20
- ip: 77.237.237.74
Maltrail IOC for 2026-05-05
Description
This entry reports a Maltrail Indicator of Compromise (IOC) dated 2026-05-05, sourced from the CIRCL OSINT Feed. It is categorized as malware-related network activity with a medium severity rating. No specific affected versions or technical exploit details are provided. There is no patch available, and no known exploits in the wild have been identified. The information is based on open-source intelligence and manual collection methods.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The report details a Maltrail IOC for 2026-05-05 indicating potential malware-related network activity. The data originates from CIRCL's OSINT feed and is classified as medium risk. No affected software versions or specific vulnerabilities are noted, and no exploits have been confirmed in the wild. The IOC serves as an observational indicator rather than a description of a specific vulnerability or active exploit.
Potential Impact
The impact is currently limited to the identification of suspicious or malicious network activity as indicated by the IOC. There are no confirmed exploits or direct attacks associated with this IOC at this time. The medium severity suggests a moderate level of concern but no immediate critical threat.
Mitigation Recommendations
No patch or official remediation is available for this IOC. Security teams should consider integrating this IOC into their detection and monitoring systems to identify potential related network activity. Since this is an observational indicator from OSINT, no direct remediation actions are specified.
Technical Details
- Uuid
- 4db752e8-4cf1-429b-afd6-209df464146c
- Original Timestamp
- 1777935618
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://api.github.com/repos/stamparm/maltrail/commits/06b9fe434a13f7d8867bb3b41f3f672a71ec46d7 | netsupport | |
urlhttps://x.com/smica83/status/2051408261753053451 | netsupport | |
urlhttps://www.virustotal.com/gui/file/e28825d93ba61c9e7e1c7b2cc31b32c7be0482ec2edae0c3a54fc9f3cd483058/detection | netsupport | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/17fafb8d130fe54b329fa58c900963cb8d3e0ddb | asyncrat | |
urlhttps://x.com/smica83/status/2051402222458544341 | asyncrat | |
urlhttps://www.virustotal.com/gui/file/4e8bad3dd8b3805b02a96b79c3b109e9a0ffb3e6c2efbbce25bd0b71efaf7aed/detection | asyncrat | |
urlhttps://api.github.com/repos/stamparm/maltrail/commits/4a551fa39da4bfc139d6e486ffa2e04c0219ce4e | nexus_c2 | |
urlhttps://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications | nexus_c2 | |
urlhttps://github.com/Cisco-Talos/IOCs/blob/main/2026/04/uat-10608.txt | nexus_c2 | |
urlhttps://x.com/malwrhunterteam/status/2051403187282685981 | nexus_c2 |
Ip
| Value | Description | Copy |
|---|---|---|
ip103.119.47.218 | netsupport | |
ip103.119.47.241 | netsupport | |
ip103.214.147.181 | netsupport | |
ip103.214.147.184 | netsupport | |
ip179.60.145.198 | netsupport | |
ip179.60.145.219 | netsupport | |
ip179.60.149.102 | netsupport | |
ip185.232.67.245 | netsupport | |
ip185.55.242.133 | netsupport | |
ip185.55.242.202 | netsupport | |
ip193.24.211.227 | netsupport | |
ip193.24.211.240 | netsupport | |
ip193.24.211.251 | netsupport | |
ip200.107.207.42 | netsupport | |
ip200.107.207.46 | netsupport | |
ip45.13.212.236 | netsupport | |
ip45.13.212.245 | netsupport | |
ip45.13.212.254 | netsupport | |
ip45.142.195.121 | netsupport | |
ip45.182.189.117 | netsupport | |
ip5.188.86.163 | netsupport | |
ip5.188.86.170 | netsupport | |
ip5.188.86.180 | netsupport | |
ip5.188.86.188 | netsupport | |
ip5.188.87.49 | netsupport | |
ip62.164.177.227 | netsupport | |
ip62.164.177.229 | netsupport | |
ip62.164.177.240 | netsupport | |
ip62.164.177.250 | netsupport | |
ip62.164.177.254 | netsupport | |
ip88.214.25.198 | netsupport | |
ip88.214.27.43 | netsupport | |
ip91.191.209.90 | netsupport | |
ip91.199.163.51 | netsupport | |
ip91.199.163.53 | netsupport | |
ip91.199.163.63 | netsupport | |
ip91.199.163.72 | netsupport | |
ip104.194.152.199 | asyncrat | |
ip144.172.102.88 | nexus_c2 | |
ip144.172.112.136 | nexus_c2 | |
ip144.172.117.112 | nexus_c2 | |
ip172.86.127.128 | nexus_c2 | |
ip144.172.116.48 | nexus_c2 | |
ip178.128.41.3 | nexus_c2 | |
ip216.126.225.20 | nexus_c2 | |
ip77.237.237.74 | nexus_c2 |
Domain
| Value | Description | Copy |
|---|---|---|
domainanthodisk.com | netsupport | |
domainexpmle.ink | netsupport | |
domainlipontrent.com | netsupport | |
domainscrappd.ink | netsupport |
Threat ID: 69f99fc3cbff5d8610d606f4
Added to database: 5/5/2026, 7:44:03 AM
Last enriched: 5/13/2026, 3:56:18 AM
Last updated: 6/18/2026, 11:20:05 AM
Views: 149
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.