Reconnecting to live updates…

Maltrail IOC for 2026-05-25

Severity: mediumType: malware

AI Analysis

Technical Summary

The threat consists of a Maltrail IOC published on 2026-05-25, indicating suspicious or malicious network activity detected by the Maltrail system. The IOC is part of an open-source intelligence feed and is classified as medium severity malware-related network activity. No detailed technical indicators or affected software versions are specified, and no exploit activity has been confirmed. The IOC serves as a detection signal rather than a vulnerability or exploit itself.

Potential Impact

The impact is limited to the detection of potentially malicious network activity flagged by Maltrail. There is no evidence of active exploitation or direct compromise associated with this IOC. The medium severity rating suggests moderate concern but no confirmed widespread threat or damage at this time.

Mitigation Recommendations

No patch or official remediation is available or applicable since this is an IOC for detection purposes. Security teams should incorporate this IOC into their network monitoring and detection systems to identify potential malicious activity. No urgent action is mandated beyond standard monitoring aligned with the IOC.

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/a2e6089817d061250df30343a38157823d568831
ip: 156.232.10.206
ip: 76.13.17.190
url: https://api.github.com/repos/stamparm/maltrail/commits/463e8cb36ac89ce75892d249062fb86badafd214
domain: clavdiyaivanon.com
domain: cloudfilebridge.com
domain: fileamberrocket.sbs
domain: filecobaltharbor.sbs
domain: filecometblanket.sbs
domain: fileechoisland.sbs
domain: fileembergarden.sbs
domain: filefalconbridge.sbs
domain: filefrostengine.sbs
domain: fileglacierwallet.sbs
domain: fileivorysignal.sbs
domain: filelotusbasket.sbs
domain: filemintcastle.sbs
domain: filemistyplanet.sbs
domain: filemossmarket.sbs
domain: fileopalcoffee.sbs
domain: filepearltractor.sbs
domain: filequartzmachine.sbs
domain: filerubyfolder.sbs
domain: filesapphirecanvas.sbs
domain: filesunsetcamera.sbs
domain: filevaultsync.com
domain: filevioletcastle.sbs
domain: filewildflowerengine.sbs
domain: itemacnow.com
domain: smartcloudfiles.com
url: https://api.github.com/repos/stamparm/maltrail/commits/95d80f56d4138b6f76877f3564c909dfacbd47a3
domain: banmet.icu
domain: cdn.iquenme.shop
domain: iuybna.icu
domain: oijnaet.icu
domain: oomank.icu
domain: qqebna.icu
domain: wakamn.icu
domain: ybnmaga.icu
domain: zebanme.icu
domain: zzgabn.icu
url: https://api.github.com/repos/stamparm/maltrail/commits/7893a0531d401062036b45d7fd8c8baae066121a
url: https://x.com/skocherhan/status/2058662939301904825
domain: access.ips-nifty.dns.navy
domain: djhl.edoc.ips-bang.dynv6.net
domain: edoc-manc.dns.navy
domain: edoc-mane.dns.army
domain: edoc-one.dns.navy
domain: edoc.ips-bang.dynv6.net
domain: edoc.ips-mew.dynv6.net
domain: edoc.pol-otp.dns.navy
domain: info.edoc-manc.dns.navy
domain: info.edoc-mane.dns.army
domain: info.edoc-one.dns.navy
domain: ips-bang.dynv6.net
domain: ips-mew.dynv6.net
domain: ips-nifty.dns.navy
domain: mew-pol.dns.navy
domain: mld.edoc.pol-otp.dns.navy
domain: mood.navers.mew-pol.dns.navy
domain: mood.police-service.dns.army
domain: navers.mew-pol.dns.navy
domain: ndbp.political-view.dns.army
domain: pol-otp.dns.navy
domain: police-service.dns.army
domain: political-view.dns.army
domain: taeo.edoc.ips-mew.dynv6.net
domain: zxzc.edoc.ips-bang.dynv6.net
url: https://api.github.com/repos/stamparm/maltrail/commits/01f666b445cc990f7b1e3afb1bbfa4613dfa503e
url: https://x.com/skocherhan/status/2058637967954935824
url: https://www.virustotal.com/gui/file/72eadebd2f62d9706eaeae182dcb8ccf42919c019deaa812fb2225e005860edd/detection
url: https://www.virustotal.com/gui/file/126c4e1ae730a7213e496663f413efad3ab7e8ce0c3bf581b5dc42f3ca246ad2/detection
domain: clipviet.blog
domain: nangcucz.blog
domain: cryptolocker.nangcucz.blog
domain: dridex.nangcucz.blog
domain: emotet.nangcucz.blog
domain: malware.clipviet.blog
domain: x.clipviet.blog
url: https://api.github.com/repos/stamparm/maltrail/commits/66fde3e5e54ab9e307ff99d4f9d5800c921064a1
domain: printerdrvrs.com
domain: u8.asdasfa.com
url: https://api.github.com/repos/stamparm/maltrail/commits/aa07276eb59c4f80a776668850f278c0b7905663
url: https://x.com/skocherhan/status/2058661946719654013
url: https://www.virustotal.com/gui/ip-address/118.193.69.44/relations
domain: 5w9y60z9yy.dynv6.net
url: https://api.github.com/repos/stamparm/maltrail/commits/cc725fbd53b57bc24843bad3f8cf27917678262a
url: https://x.com/masaomi346/status/2058695167696371826
domain: olympiapetemergency.com
url: https://api.github.com/repos/stamparm/maltrail/commits/89aa0efea744c7fb969363c30cb9ace3ec06fead
url: https://x.com/masaomi346/status/2058709359291662651
domain: rudderwillow8.com
url: https://api.github.com/repos/stamparm/maltrail/commits/27a7d8d51334973e89968725ce52e91ba29e4493
url: https://x.com/EricParker/status/2058411298195661221
url: https://www.virustotal.com/gui/file/7d44e0009d251ae4983f5bf29f7d8aa9af668df88dba05a17a7a314f6780ceff/detection
ip: 38.190.225.166
ip: 38.190.225.167
ip: 38.190.225.179
url: https://api.github.com/repos/stamparm/maltrail/commits/82516868bcf1184332a8c80407f7cf3afc175bd5
domain: iscanxlive.fun
domain: iscanxlive.top
domain: iscanxonline.top
domain: openclawxlive.fun
domain: openclawxlive.top
domain: openclawxtool.fun
domain: opneclawai.club
url: https://api.github.com/repos/stamparm/maltrail/commits/537ac7184ac43e64611baf20fbcafd4202fd8db2
url: https://x.com/skocherhan/status/2058672128015106427
domain: 00pr43.picid1fdl6.dynv6.net
domain: 086k3a.93vf4b71cv.dynv6.net
domain: 0a1fi7nsne.dynv6.net
domain: 0grde8ebon.dns.army
domain: 0sv8.qiz172u9i01.dns.army
domain: 1br8jch4r2l.dns.army
domain: 1gb5eoww4y.dynv6.net
domain: 1jjrv5oset8.dns.navy
domain: 1k2j842o08.dynv6.net
domain: 1kgz2l.ze5aip8t1r.dynv6.net
domain: 1l8wzyn09e.dynv6.net
domain: 1lelpu.5jzttrmpkf.dynv6.net
domain: 1w0izrjp8f.v6.navy
domain: 238hl.sk48350fzc.v6.army
domain: 249h2syiju.v6.army
domain: 24ilry.sk48350fzc.v6.army
domain: 26kp3x.jghs63qw5w.v6.army
domain: 2cpuaxmkws.v6.army
domain: 2ea1fm3lj0.v6.army
domain: 2fmx5tfk22.dynv6.net
domain: 2ohjwx1f7e.v6.navy
domain: 2ra7.njkdhfptwn.dynv6.net
domain: 2ta9vkc3b2.dns.navy
domain: 2tj40eda2f.dynv6.net
domain: 2vm4g1ro8j.dns.navy
domain: 2yvl15.hfxq7cbqv5.dynv6.net
domain: 3d3mt6lf1x.v6.army
domain: 3gxf.du0oakjsbs.dynv6.net
domain: 3ol2k.ie7up41y3x.dynv6.net
domain: 3oqhgj.1l8wzyn09e.dynv6.net
domain: 3sd5y62mi2.dynv6.net
domain: 3t2jh7awf0.dynv6.net
domain: 49wlf.3t2jh7awf0.dynv6.net
domain: 4nu00ypt6u.dynv6.net
domain: 4sifx.ug4kghrroou.dns.navy
domain: 5a8zsghait2.dns.army
domain: 5jzttrmpkf.dynv6.net
domain: 5m2ub.jlej4dom3m.dynv6.net
domain: 6545f.3sd5y62mi2.dynv6.net
domain: 6hpgd.1br8jch4r2l.dns.army
domain: 6pzmcnjfl7e.dns.navy
domain: 733h2kubch.dynv6.net
domain: 73tlkp3alr.dynv6.net
domain: 77sg7t.2tj40eda2f.dynv6.net
domain: 7f44zhxz1x2.dns.navy
domain: 7itl05g1mj.dns.navy
domain: 7l30nhkxuv.dynv6.net
domain: 83cn.0grde8ebon.dns.army
domain: 85xcwj.se4z5cvxnk.v6.navy
domain: 8lqx92qwn3.v6.army
domain: 93vf4b71cv.dynv6.net
domain: 9a8zp.2ta9vkc3b2.dns.navy
domain: 9jhf95.i3idbzcf7m.dynv6.net
domain: 9k2i.73tlkp3alr.dynv6.net
domain: 9ok90wamt4.dns.navy
domain: 9u8dnvzzim.dynv6.net
domain: a1fi7nsne.dynv6.net
domain: auth-check-nvr.6545f.3sd5y62mi2.dynv6.net
domain: auth-check-nvr.77sg7t.2tj40eda2f.dynv6.net
domain: auth-check-nvr.hflax.ylhej608mk.dynv6.net
domain: auth-check-nvr.jpnqb.e6phj0xnr0.dynv6.net
domain: auth-check-nvr.ptdmu1.d9z5fqxt49.dynv6.net
domain: auth-check-nvr.ycq2.ylhej608mk.dynv6.net
domain: b45zyjuecl.dns.navy
domain: bbxnc.1k2j842o08.dynv6.net
domain: browse-naver.x8co6.2ohjwx1f7e.v6.navy
domain: btee.dynuddns.net
domain: c9q0l37ffb.dns.navy
domain: cddp00ow2m.dynv6.net
domain: cgv8ijdqybf.dns.navy
domain: ch4l.oz3oqqrrxl.dns.army
domain: check.nid-user.kro.kr
domain: cloud-doc.abrdns.com
domain: confirm-ver.ttgdoc.cloud-ip.cc
domain: connection.n-e.kr
domain: count-doc.tax-doc.abrdns.com
domain: cox7y4ipua.dns.navy
domain: cpnikyd43jh.dns.army
domain: cupon-log.tax-kor.mytunnel.org
domain: d9z5fqxt49.dynv6.net
domain: deliver-tax-auth.3ol2k.ie7up41y3x.dynv6.net
domain: deliver-tax-auth.duqf6.nvet6v0ryy.dynv6.net
domain: demp.tax-auth.ydns.eu
domain: dhif24bvt7.dynv6.net
domain: djq2wz7jsv.dns.navy
domain: doc-auth.check.nid-user.kro.kr
domain: docinfo.cloud-ip.cc
domain: du0oakjsbs.dynv6.net
domain: duqf6.nvet6v0ryy.dynv6.net
domain: e063y2.w6quflavdm.dynv6.net
domain: e6phj0xnr0.dynv6.net
domain: e6ro1jnzss.dynv6.net
domain: fak1.7l30nhkxuv.dynv6.net
domain: fiw.security.token-manage.o-r.kr
domain: fm4yoenkfru.dns.navy
domain: fmgu300wg6.dynv6.net
domain: fpau3zk7hi.dynv6.net
domain: gabia.kozow.com
domain: gbotlft7b7.dynv6.net
domain: gpi7ynn4oqp.dns.navy
domain: guider.serverpit.com
domain: hflax.ylhej608mk.dynv6.net
domain: hfxq7cbqv5.dynv6.net
domain: hgpzb1szps.v6.army
domain: hkn1a.il0qjijik3.v6.army
domain: hlbr31s20w.v6.army
domain: hrdxnu.zwrymm61og4.dns.army
domain: i0zhs.o46r3ey36xw.dns.navy
domain: i3idbzcf7m.dynv6.net
domain: ie7up41y3x.dynv6.net
domain: il0qjijik3.v6.army
domain: invoice.bumbleshrimp.com
domain: invoicedoc.abrdns.com
domain: irg8gqizqz.dns.army
domain: ivugt.irg8gqizqz.dns.army
domain: jfp9wd3hht.v6.army
domain: jghs63qw5w.v6.army
domain: jir0gq4huk.v6.army
domain: jlej4dom3m.dynv6.net
domain: jpnqb.e6phj0xnr0.dynv6.net
domain: kd0wcadw5v.dns.army
domain: ke6jp62jt2.dynv6.net
domain: kgw0xm.fmgu300wg6.dynv6.net
domain: kqtc.uc78hw71gb.dynv6.net
domain: l5m2cxdaxjy.dns.navy
domain: l9rmt5.fmgu300wg6.dynv6.net
domain: ldspau7pxy8.dns.navy
domain: lodni.ntesdoc.1cooldns.com
domain: luhp.xtfcnu7acx.v6.army
domain: ly5x0d.p4nbsl4cli.dns.navy
domain: m0dfmjbfj7.dns.navy
domain: m5i7.qhwfwllupj.dynv6.net
domain: maincert.1cooldns.com
domain: mbzgitbhj6.v6.navy
domain: mois-nid.i0zhs.o46r3ey36xw.dns.navy
domain: mos-nid.wazd9.7f44zhxz1x2.dns.navy
domain: mphfy4zbpb.v6.navy
domain: mvtv7vr0nr.dynv6.net
domain: nav-log.check.nid-user.kro.kr
domain: naver-auth-tax.2ra7.njkdhfptwn.dynv6.net
domain: naver-auth-tax.q83s.2fmx5tfk22.dynv6.net
domain: naver-auth.s8liln.4nu00ypt6u.dynv6.net
domain: nchosedirect.connection.n-e.kr
domain: nchosedirect.maincert.1cooldns.com
domain: nchosedirect.nooeg.1cooldns.com
domain: ndco.abrdns.com
domain: ndcondi.nooeg.1cooldns.com
domain: ndoc-post.cloud-ip.cc
domain: ndoc.ndoctax.dns.navy
domain: ndoc.nidcloud.dns.army
domain: ndoctax.dns.navy
domain: ndsp-ventor.ndoc-post.cloud-ip.cc
domain: nem1fg.ucc8pb4qud.v6.army
domain: nid-auth-tax.9jhf95.i3idbzcf7m.dynv6.net
domain: nid-doc-auth.00pr43.picid1fdl6.dynv6.net
domain: nid-doc-auth.1lelpu.5jzttrmpkf.dynv6.net
domain: nid-doc-auth.2yvl15.hfxq7cbqv5.dynv6.net
domain: nid-doc-auth.3gxf.du0oakjsbs.dynv6.net
domain: nid-doc-auth.9k2i.73tlkp3alr.dynv6.net
domain: nid-doc-auth.bbxnc.1k2j842o08.dynv6.net
domain: nid-doc-auth.nyhf.hfxq7cbqv5.dynv6.net
domain: nid-log.9a8zp.2ta9vkc3b2.dns.navy
domain: nid-log.yml63.cox7y4ipua.dns.navy
domain: nid-session.govt.hu
domain: nid-tax-auth.49wlf.3t2jh7awf0.dynv6.net
domain: nid-tax-doc.1kgz2l.ze5aip8t1r.dynv6.net
domain: nid-tax-doc.5m2ub.jlej4dom3m.dynv6.net
domain: nid-tax-doc.e063y2.w6quflavdm.dynv6.net
domain: nid-tax-doc.hkn1a.il0qjijik3.v6.army
domain: nid-tax-doc.m5i7.qhwfwllupj.dynv6.net
domain: nid-tax.abrdns.com
domain: nid-user.kro.kr
domain: nid.ndoctax.dns.navy
domain: nid.nloginvoice.dns.navy
domain: nid.nusersec.dns.navy
domain: nidauth.4sifx.ug4kghrroou.dns.navy
domain: nidcloud.dns.army
domain: nidtax.hrdxnu.zwrymm61og4.dns.army
domain: nidtax.ntndoc.abrdns.com
domain: nidtax.o4e82.5a8zsghait2.dns.army
domain: ninvoice.nloginvoice.dns.navy
domain: ninvoice.ntsscan.dns.navy
domain: ninvoice.nusersec.dns.navy
domain: ninvoice.nusetx.dns.army
domain: njkdhfptwn.dynv6.net
domain: njnbm6648f.dns.navy
domain: nloginvoice.dns.navy
domain: nooeg.1cooldns.com
domain: nopts.xubi.org
domain: np-doc-nid.85xcwj.se4z5cvxnk.v6.navy
domain: nps-hall.cloud-ip.cc
domain: npskol.1cooldns.com
domain: nstlog.store
domain: nt-deliver.cloud-ip.cc
domain: ntax.abrdns.com
domain: ntclss.cloud-ip.cc
domain: ntdocs.abrdns.com
domain: ntesdoc.1cooldns.com
domain: ntexq.mydns.vc
domain: ntlog.gabia.kozow.com
domain: ntlog.upd-log.ezgateway.net
domain: ntndoc.abrdns.com
domain: nts-load.twilightparadox.com
domain: ntsdoc.dynuddns.com
domain: ntsg.tvoice-doc.ddnsguru.com
domain: ntsscan.dns.navy
domain: nupt-log.dynuddns.com
domain: nusersec.dns.navy
domain: nusetx.dns.army
domain: nusr-doc.83cn.0grde8ebon.dns.army
domain: nusr-doc.ch4l.oz3oqqrrxl.dns.army
domain: nusr-doc.st2zeg.y4rs6m4w3z.dns.army
domain: nusrdoc.1cooldns.com
domain: nv-team.mysynology.net
domain: nvere-log.abrdns.com
domain: nvet6v0ryy.dynv6.net
domain: nvoice.flashhub.net
domain: nvoice.nv-team.mysynology.net
domain: nvoictax.6hpgd.1br8jch4r2l.dns.army
domain: nyhf.hfxq7cbqv5.dynv6.net
domain: o46r3ey36xw.dns.navy
domain: o4e82.5a8zsghait2.dns.army
domain: omtj8m.qj4xml8hxh.dynv6.net
domain: omyfdwsxnd.dns.army
domain: oz3oqqrrxl.dns.army
domain: p4nbsl4cli.dns.navy
domain: p9tfgmd5r5.v6.army
domain: p9woh.qj4xml8hxh.dynv6.net
domain: pay-voice.cloud-ip.cc
domain: pd-redirect.cloud-ip.cc
domain: perfect.bumbleshrimp.com
domain: pgul.gbotlft7b7.dynv6.net
domain: picid1fdl6.dynv6.net
domain: psxyqs93is.dynv6.net
domain: ptdmu1.d9z5fqxt49.dynv6.net
domain: q83s.2fmx5tfk22.dynv6.net
domain: qhwfwllupj.dynv6.net
domain: qiz172u9i01.dns.army
domain: qj4xml8hxh.dynv6.net
domain: qs0gvu97ec.dynv6.net
domain: r7xy4u626e.dynv6.net
domain: rea5wljzgp.dns.army
domain: redirect-nid.ivugt.irg8gqizqz.dns.army
domain: s8liln.4nu00ypt6u.dynv6.net
domain: se4z5cvxnk.v6.navy
domain: security.token-manage.o-r.kr
domain: securityconfirm.perfect.bumbleshrimp.com
domain: shdgud.abrdns.com
domain: si63k8gmso.v6.army
domain: sk48350fzc.v6.army
domain: st2zeg.y4rs6m4w3z.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/852f3f83860cf839591b93a15b9832747804629b
url: https://x.com/Fact_Finder03/status/2058800481980514384
url: https://www.virustotal.com/gui/file/647f968d18620d7d69fe51e67a7f2f83ddc8551716472d4468197e2dc8130a94/detection
ip: 179.43.186.239
domain: vpnwhitelist.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/0f29ee23e9c1046792528dd2bb8a19db241400c4
url: https://api.github.com/repos/stamparm/maltrail/commits/032a59437e8b560f288a6885f4aada5b2c5aecee
url: https://x.com/Fact_Finder03/status/2058791170764157064
ip: 94.125.103.45
domain: st406.m0dfmjbfj7.dns.navy
domain: statistics.mysynology.net
domain: suyny3rnd6.v6.army
domain: talkcloud.abrdns.com
domain: tax-auth-notification.238hl.sk48350fzc.v6.army
domain: tax-auth-notification.24ilry.sk48350fzc.v6.army
domain: tax-auth-notification.26kp3x.jghs63qw5w.v6.army
domain: tax-auth-notification.luhp.xtfcnu7acx.v6.army
domain: tax-auth-notification.tvua0.suyny3rnd6.v6.army
domain: tax-auth-notification.udw1vs.suyny3rnd6.v6.army
domain: tax-auth.ydns.eu
domain: tax-deliver-auth.3oqhgj.1l8wzyn09e.dynv6.net
domain: tax-deliver-auth.fak1.7l30nhkxuv.dynv6.net
domain: tax-deliver-auth.y26b.r7xy4u626e.dynv6.net
domain: tax-deliver-auth.zsp8.0a1fi7nsne.dynv6.net
domain: tax-doc.abrdns.com
domain: tax-guide.abrdns.com
domain: tax-kor.mytunnel.org
domain: tax-link-nid.kgw0xm.fmgu300wg6.dynv6.net
domain: tax-link-nid.kqtc.uc78hw71gb.dynv6.net
domain: tax-link-nid.l9rmt5.fmgu300wg6.dynv6.net
domain: tax-link-nid.omtj8m.qj4xml8hxh.dynv6.net
domain: tax-link-nid.p9woh.qj4xml8hxh.dynv6.net
domain: tax-link-nid.pgul.gbotlft7b7.dynv6.net
domain: tax-link-nid.y8f3.9u8dnvzzim.dynv6.net
domain: tax-link-nid.yrpwqd.ke6jp62jt2.dynv6.net
domain: tax.petfoodkorea.kr
domain: taxinvoice.mydns.jp
domain: tdoc-noreply.ly5x0d.p4nbsl4cli.dns.navy
domain: tdoc-noreply.st406.m0dfmjbfj7.dns.navy
domain: tdoc.cloud-ip.cc
domain: tdrive.camdvr.org
domain: te2kmk0f5x.v6.army
domain: tech-nid.nem1fg.ucc8pb4qud.v6.army
domain: tguidelink.0sv8.qiz172u9i01.dns.army
domain: tguider.cloud-ip.cc
domain: token-manage.o-r.kr
domain: triect.abrdns.com
domain: ttgdoc.cloud-ip.cc
domain: ttsuget.nvoice.flashhub.net
domain: tvoice-doc.ddnsguru.com
domain: tvua0.suyny3rnd6.v6.army
domain: tx-reply.server-on.net
domain: uc78hw71gb.dynv6.net
domain: ucc8pb4qud.v6.army
domain: udw1vs.suyny3rnd6.v6.army
domain: ug4kghrroou.dns.navy
domain: uh431hluirw.dns.navy
domain: upd-log.ezgateway.net
domain: ve-us.check.nid-user.kro.kr
domain: vmdm9xw4swx.dns.navy
domain: w6quflavdm.dynv6.net
domain: wazd9.7f44zhxz1x2.dns.navy
domain: wlxvtiw7h7.v6.army
domain: x21a945ebj.v6.army
domain: x8co6.2ohjwx1f7e.v6.navy
domain: xtfcnu7acx.v6.army
domain: y26b.r7xy4u626e.dynv6.net
domain: y4rs6m4w3z.dns.army
domain: y8f3.9u8dnvzzim.dynv6.net
domain: ycq2.ylhej608mk.dynv6.net
domain: ylhej608mk.dynv6.net
domain: yml63.cox7y4ipua.dns.navy
domain: yrpwqd.ke6jp62jt2.dynv6.net
domain: ze5aip8t1r.dynv6.net
domain: zp2mfm42al.v6.army
domain: zsp8.0a1fi7nsne.dynv6.net
domain: zwrymm61og4.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/10b3d474bed0592d7904ee8f3f051215fc5771f9
url: https://www.virustotal.com/gui/ip-address/27.102.137.212/relations
domain: noreplynever.ydns.eu
url: https://api.github.com/repos/stamparm/maltrail/commits/acbcbb7b3cf3804919b9d58531e50f9bfe45b368
domain: htax-login.nts-kr.dns.army
domain: nts-kr.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/bd60e208a666523f198c4fdb36ce79b40c7c4811
domain: diplokb.cyou
url: https://api.github.com/repos/stamparm/maltrail/commits/2d68c48eb642504b946a5e4870b13ef543b87e2c
ip: 147.93.147.46
ip: 147.93.181.178
ip: 66.94.114.97
url: https://api.github.com/repos/stamparm/maltrail/commits/54d01f250356e8cca611577ba3148ce807aefa30
url: https://www.virustotal.com/gui/file/2c1764610a7f3113bb01fdaeede3b411acc99843bbb7d642c26024a601460efe/detection
ip: 178.170.220.14
url: https://api.github.com/repos/stamparm/maltrail/commits/e8049683d2df86b5b10ea1f07fb6ceafc35c12df
url: https://x.com/safedepio/status/2058848260845076651
ip: 195.201.194.107
url: https://api.github.com/repos/stamparm/maltrail/commits/3c62c4b09f6760250b0e792f2b928cb5f750dbfc
url: https://mp.weixin.qq.com/s/9wGEdvuJVPIv_D6PpoaZHg
ip: 212.193.2.162
ip: 45.130.146.197
domain: microsoft-updates-windows.servehttp.com
url: https://api.github.com/repos/stamparm/maltrail/commits/bd09f2fc7a3e82f791017d16abbd617e77885446
url: https://x.com/masaomi346/status/2058844105728512123
url: https://www.virustotal.com/gui/file/a608b591a7096c106c95a5df41be33be4b1c9374a4cff98e52a6a74e1a4dc62e/detection
domain: cewwq.xyz
domain: dfreygr.cewwq.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/be38617dfacc9fcdc40364685b7d8a9dc1b3bc7e
url: https://x.com/Fact_Finder03/status/2058785313393360975
ip: 178.105.197.117
ip: 62.97.160.112
ip: 84.215.61.54
domain: helios.fancybear.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/c8892f3612532a98f209da000218bfe820fdb90b
url: https://x.com/abh1sek/status/2058885937149759960
domain: violet-tricky-quelea-562.mypinata.cloud
url: https://api.github.com/repos/stamparm/maltrail/commits/2a34cef3702022334bc56ec5a04646697665d2d1
ip: 5.252.155.252
url: https://api.github.com/repos/stamparm/maltrail/commits/123e8616a0c3320b1b2972863595edc7b94256c8
url: https://api.github.com/repos/stamparm/maltrail/commits/1f2edbe4b50a397d2be71449329c4d5cfefb9192
domain: orizsuaeo-jp.icu
domain: thuide.bumbleshrimp.com
url: https://api.github.com/repos/stamparm/maltrail/commits/901c81bb15e35671e7924e780933a112f01fc611
url: https://x.com/skocherhan/status/2058608475404382446
domain: 5pj699tmhd.dynv6.net
domain: ar2aqxha855.dns.navy
domain: hkt77mguo03.dns.navy
domain: s62zzsmd7cq.dns.navy
domain: uykqg44ikx.v6.army
domain: wcatc7r8701.dns.navy
url: https://api.github.com/repos/stamparm/maltrail/commits/97128da69534ece3b35a696d7472425f0ca395ad
domain: bytonrian.com
domain: camarillotowing.com
domain: sparklingsenior.com
domain: tokhu.top
domain: usbouldering.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a8078a46d384c9527be4fc2dcb558bffbace43d6
domain: acrence-racked.com
domain: ardentscrips.com
domain: baceurierprixists.com
domain: chiganhonsubber.com
domain: cid.echoatlas.xyz
domain: ciraqi-sampumps.com
domain: click.beasttrackad.online
domain: clk.age-defier.com
domain: comentcomens.com
domain: coolkshop-scrences.com
domain: coppentalmedits.com
domain: d1ng0op1m0ewnr.cloudfront.net
domain: d7jy4scahojcu.cloudfront.net
domain: dirojiebgu.pro
domain: ethequaldouter.com
domain: fun.playnoxx.com
domain: go.alwayswilling.ai
domain: go.deegoodstuff.com
domain: go.deri.la
domain: go.myinsurlab.com
domain: go.traildiv.com
domain: go.wwwtrk.com
domain: goactiveclick.site
domain: info.top10singleboersen.com
domain: kugazuupy.pro
domain: letivesgenning.com
domain: mativingterous.com
domain: muntingpanging.com
domain: nicking-unding.com
domain: obvalsapprolved.com
domain: olysished-peekly.com
domain: ordianafainewal.com
domain: ourcense-pixesian.com
domain: progoodsartening.com
domain: screatlystortion.com
domain: sentlydunialty.com
domain: ssl.vitalratgeber24.com
domain: suberty-theadius.xyz
domain: thernator-mysineral.com
domain: tick.fashvision.com
domain: track.basedgelab.com
domain: track.exclick.xyz
domain: track.fabuloustrack.com
domain: track.fearzboom.com
domain: track.hawkeyedtracking.com
domain: track.openshield.com
domain: track.ourtrk.com
domain: track.petpriority.co
domain: track.tankxbaby.com
domain: tracking.angelinos.com
domain: tracking.financialtrendline.com
domain: tracking.greentavio.com
domain: tracking.vitalvista.xyz
domain: tracks.esperti-udito.com
domain: trk.bangmilfstoday.com
domain: trk.selectedbookies.co.uk
domain: versitypokirts.com
url: https://api.github.com/repos/stamparm/maltrail/commits/3a6922c23b67e72a8bbdbc8d188fc88d4bfa0344
url: https://x.com/patialavii/status/2058883490628911541
url: https://www.virustotal.com/gui/ip-address/209.182.224.47/relations
domain: 2zoouumin.com
domain: 360yvos.com
domain: adobeviewpdf.online
domain: bestbiddy.com
domain: bestcameraup.com
domain: bestelectricpicks.com
domain: bestsawzone.com
domain: bestsowftware.com
domain: blue-preview.info
domain: blvas.online
domain: candulalydateams.top
domain: cloudteamupdata.top
domain: currentdate.top
domain: currentme.top
domain: diamondexchangeus.store
domain: documentviwxle.com
domain: dpgamer.com
domain: earn-smarter.com
domain: entsecuremsg.com
domain: entsecurremsg.com
domain: exploreweb3dappwalletrestore.com
domain: googleeemeet.click
domain: googlemeeets.click
domain: googlemeeting.org
domain: googlemeetings.click
domain: googlemeets.cfd
domain: googlemeets.click
domain: guardmessaging.com
domain: harraiyatimes.com
domain: heavenoff.com
domain: hi5video.com
domain: historicalsocietyoflakeworth.org
domain: infotauro.com
domain: infotourism.info
domain: invitation-live.com
domain: invitationletter.click
domain: iranbus.net
domain: ithithanamelankavu.com
domain: jaratii.com
domain: jitosol-download.xyz
domain: johndavis-millivanilli.com
domain: keassembly.org
domain: koiranengp.com
domain: laplumedejade.com
domain: latestupdatecloud.us
domain: magnumbet88.com
domain: mankoaawaz.com
domain: msteamsmeeeting.com
domain: murreehill.com
domain: mybestmonitor.com
domain: newtick.org
domain: nutrimartbd.com
domain: orizaa.in
domain: palmdesertsistercities.com
domain: paysmorlaixenvironnement.info
domain: pinpointpromote.com
domain: plqosayq.online
domain: shonendaily.com
domain: softwarebygeeks10.online
domain: stiglianoeventi.org
domain: streamingcommunityz.pics
domain: t5sis.com
domain: teamscloudata.top
domain: thetravelupdates.com
domain: topbesttv.com
domain: traveltosantamarta.com
domain: turismocordoba.info
domain: ufabet.inc
domain: us03web-invitee.top
domain: us04web.org
domain: us05webinterviewsession.com
domain: uswebin03acc.top
domain: wa-s1.serverpanel.com
domain: wa-s1.serverpanel.net
domain: znrsign2x2nz3-document-view.online
domain: zoom4usweb.com
domain: zoommeetingnjoin.com
domain: zoouummeetin.com
domain: zupet.co
url: https://api.github.com/repos/stamparm/maltrail/commits/9763db1d9ebfc0f4ac4f3a08e52e4731e6091f79
domain: huyajn.icu
domain: inamety.icu
domain: oiklaet.icu
domain: ubnamn.icu
domain: yybane.icu

Maltrail IOC for 2026-05-25

Severity: medium

Type: malware

Maltrail IOC for 2026-05-25

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/a2e6089817d061250df30343a38157823d568831
ip: 156.232.10.206
ip: 76.13.17.190
url: https://api.github.com/repos/stamparm/maltrail/commits/463e8cb36ac89ce75892d249062fb86badafd214
domain: clavdiyaivanon.com
domain: cloudfilebridge.com
domain: fileamberrocket.sbs
domain: filecobaltharbor.sbs
domain: filecometblanket.sbs
domain: fileechoisland.sbs
domain: fileembergarden.sbs
domain: filefalconbridge.sbs
domain: filefrostengine.sbs
domain: fileglacierwallet.sbs
domain: fileivorysignal.sbs
domain: filelotusbasket.sbs
domain: filemintcastle.sbs
domain: filemistyplanet.sbs
domain: filemossmarket.sbs
domain: fileopalcoffee.sbs
domain: filepearltractor.sbs
domain: filequartzmachine.sbs
domain: filerubyfolder.sbs
domain: filesapphirecanvas.sbs
domain: filesunsetcamera.sbs
domain: filevaultsync.com
domain: filevioletcastle.sbs
domain: filewildflowerengine.sbs
domain: itemacnow.com
domain: smartcloudfiles.com
url: https://api.github.com/repos/stamparm/maltrail/commits/95d80f56d4138b6f76877f3564c909dfacbd47a3
domain: banmet.icu
domain: cdn.iquenme.shop
domain: iuybna.icu
domain: oijnaet.icu
domain: oomank.icu
domain: qqebna.icu
domain: wakamn.icu
domain: ybnmaga.icu
domain: zebanme.icu
domain: zzgabn.icu
url: https://api.github.com/repos/stamparm/maltrail/commits/7893a0531d401062036b45d7fd8c8baae066121a
url: https://x.com/skocherhan/status/2058662939301904825
domain: access.ips-nifty.dns.navy
domain: djhl.edoc.ips-bang.dynv6.net
domain: edoc-manc.dns.navy
domain: edoc-mane.dns.army
domain: edoc-one.dns.navy
domain: edoc.ips-bang.dynv6.net
domain: edoc.ips-mew.dynv6.net
domain: edoc.pol-otp.dns.navy
domain: info.edoc-manc.dns.navy
domain: info.edoc-mane.dns.army
domain: info.edoc-one.dns.navy
domain: ips-bang.dynv6.net
domain: ips-mew.dynv6.net
domain: ips-nifty.dns.navy
domain: mew-pol.dns.navy
domain: mld.edoc.pol-otp.dns.navy
domain: mood.navers.mew-pol.dns.navy
domain: mood.police-service.dns.army
domain: navers.mew-pol.dns.navy
domain: ndbp.political-view.dns.army
domain: pol-otp.dns.navy
domain: police-service.dns.army
domain: political-view.dns.army
domain: taeo.edoc.ips-mew.dynv6.net
domain: zxzc.edoc.ips-bang.dynv6.net
url: https://api.github.com/repos/stamparm/maltrail/commits/01f666b445cc990f7b1e3afb1bbfa4613dfa503e
url: https://x.com/skocherhan/status/2058637967954935824
url: https://www.virustotal.com/gui/file/72eadebd2f62d9706eaeae182dcb8ccf42919c019deaa812fb2225e005860edd/detection
url: https://www.virustotal.com/gui/file/126c4e1ae730a7213e496663f413efad3ab7e8ce0c3bf581b5dc42f3ca246ad2/detection
domain: clipviet.blog
domain: nangcucz.blog
domain: cryptolocker.nangcucz.blog
domain: dridex.nangcucz.blog
domain: emotet.nangcucz.blog
domain: malware.clipviet.blog
domain: x.clipviet.blog
url: https://api.github.com/repos/stamparm/maltrail/commits/66fde3e5e54ab9e307ff99d4f9d5800c921064a1
domain: printerdrvrs.com
domain: u8.asdasfa.com
url: https://api.github.com/repos/stamparm/maltrail/commits/aa07276eb59c4f80a776668850f278c0b7905663
url: https://x.com/skocherhan/status/2058661946719654013
url: https://www.virustotal.com/gui/ip-address/118.193.69.44/relations
domain: 5w9y60z9yy.dynv6.net
url: https://api.github.com/repos/stamparm/maltrail/commits/cc725fbd53b57bc24843bad3f8cf27917678262a
url: https://x.com/masaomi346/status/2058695167696371826
domain: olympiapetemergency.com
url: https://api.github.com/repos/stamparm/maltrail/commits/89aa0efea744c7fb969363c30cb9ace3ec06fead
url: https://x.com/masaomi346/status/2058709359291662651
domain: rudderwillow8.com
url: https://api.github.com/repos/stamparm/maltrail/commits/27a7d8d51334973e89968725ce52e91ba29e4493
url: https://x.com/EricParker/status/2058411298195661221
url: https://www.virustotal.com/gui/file/7d44e0009d251ae4983f5bf29f7d8aa9af668df88dba05a17a7a314f6780ceff/detection
ip: 38.190.225.166
ip: 38.190.225.167
ip: 38.190.225.179
url: https://api.github.com/repos/stamparm/maltrail/commits/82516868bcf1184332a8c80407f7cf3afc175bd5
domain: iscanxlive.fun
domain: iscanxlive.top
domain: iscanxonline.top
domain: openclawxlive.fun
domain: openclawxlive.top
domain: openclawxtool.fun
domain: opneclawai.club
url: https://api.github.com/repos/stamparm/maltrail/commits/537ac7184ac43e64611baf20fbcafd4202fd8db2
url: https://x.com/skocherhan/status/2058672128015106427
domain: 00pr43.picid1fdl6.dynv6.net
domain: 086k3a.93vf4b71cv.dynv6.net
domain: 0a1fi7nsne.dynv6.net
domain: 0grde8ebon.dns.army
domain: 0sv8.qiz172u9i01.dns.army
domain: 1br8jch4r2l.dns.army
domain: 1gb5eoww4y.dynv6.net
domain: 1jjrv5oset8.dns.navy
domain: 1k2j842o08.dynv6.net
domain: 1kgz2l.ze5aip8t1r.dynv6.net
domain: 1l8wzyn09e.dynv6.net
domain: 1lelpu.5jzttrmpkf.dynv6.net
domain: 1w0izrjp8f.v6.navy
domain: 238hl.sk48350fzc.v6.army
domain: 249h2syiju.v6.army
domain: 24ilry.sk48350fzc.v6.army
domain: 26kp3x.jghs63qw5w.v6.army
domain: 2cpuaxmkws.v6.army
domain: 2ea1fm3lj0.v6.army
domain: 2fmx5tfk22.dynv6.net
domain: 2ohjwx1f7e.v6.navy
domain: 2ra7.njkdhfptwn.dynv6.net
domain: 2ta9vkc3b2.dns.navy
domain: 2tj40eda2f.dynv6.net
domain: 2vm4g1ro8j.dns.navy
domain: 2yvl15.hfxq7cbqv5.dynv6.net
domain: 3d3mt6lf1x.v6.army
domain: 3gxf.du0oakjsbs.dynv6.net
domain: 3ol2k.ie7up41y3x.dynv6.net
domain: 3oqhgj.1l8wzyn09e.dynv6.net
domain: 3sd5y62mi2.dynv6.net
domain: 3t2jh7awf0.dynv6.net
domain: 49wlf.3t2jh7awf0.dynv6.net
domain: 4nu00ypt6u.dynv6.net
domain: 4sifx.ug4kghrroou.dns.navy
domain: 5a8zsghait2.dns.army
domain: 5jzttrmpkf.dynv6.net
domain: 5m2ub.jlej4dom3m.dynv6.net
domain: 6545f.3sd5y62mi2.dynv6.net
domain: 6hpgd.1br8jch4r2l.dns.army
domain: 6pzmcnjfl7e.dns.navy
domain: 733h2kubch.dynv6.net
domain: 73tlkp3alr.dynv6.net
domain: 77sg7t.2tj40eda2f.dynv6.net
domain: 7f44zhxz1x2.dns.navy
domain: 7itl05g1mj.dns.navy
domain: 7l30nhkxuv.dynv6.net
domain: 83cn.0grde8ebon.dns.army
domain: 85xcwj.se4z5cvxnk.v6.navy
domain: 8lqx92qwn3.v6.army
domain: 93vf4b71cv.dynv6.net
domain: 9a8zp.2ta9vkc3b2.dns.navy
domain: 9jhf95.i3idbzcf7m.dynv6.net
domain: 9k2i.73tlkp3alr.dynv6.net
domain: 9ok90wamt4.dns.navy
domain: 9u8dnvzzim.dynv6.net
domain: a1fi7nsne.dynv6.net
domain: auth-check-nvr.6545f.3sd5y62mi2.dynv6.net
domain: auth-check-nvr.77sg7t.2tj40eda2f.dynv6.net
domain: auth-check-nvr.hflax.ylhej608mk.dynv6.net
domain: auth-check-nvr.jpnqb.e6phj0xnr0.dynv6.net
domain: auth-check-nvr.ptdmu1.d9z5fqxt49.dynv6.net
domain: auth-check-nvr.ycq2.ylhej608mk.dynv6.net
domain: b45zyjuecl.dns.navy
domain: bbxnc.1k2j842o08.dynv6.net
domain: browse-naver.x8co6.2ohjwx1f7e.v6.navy
domain: btee.dynuddns.net
domain: c9q0l37ffb.dns.navy
domain: cddp00ow2m.dynv6.net
domain: cgv8ijdqybf.dns.navy
domain: ch4l.oz3oqqrrxl.dns.army
domain: check.nid-user.kro.kr
domain: cloud-doc.abrdns.com
domain: confirm-ver.ttgdoc.cloud-ip.cc
domain: connection.n-e.kr
domain: count-doc.tax-doc.abrdns.com
domain: cox7y4ipua.dns.navy
domain: cpnikyd43jh.dns.army
domain: cupon-log.tax-kor.mytunnel.org
domain: d9z5fqxt49.dynv6.net
domain: deliver-tax-auth.3ol2k.ie7up41y3x.dynv6.net
domain: deliver-tax-auth.duqf6.nvet6v0ryy.dynv6.net
domain: demp.tax-auth.ydns.eu
domain: dhif24bvt7.dynv6.net
domain: djq2wz7jsv.dns.navy
domain: doc-auth.check.nid-user.kro.kr
domain: docinfo.cloud-ip.cc
domain: du0oakjsbs.dynv6.net
domain: duqf6.nvet6v0ryy.dynv6.net
domain: e063y2.w6quflavdm.dynv6.net
domain: e6phj0xnr0.dynv6.net
domain: e6ro1jnzss.dynv6.net
domain: fak1.7l30nhkxuv.dynv6.net
domain: fiw.security.token-manage.o-r.kr
domain: fm4yoenkfru.dns.navy
domain: fmgu300wg6.dynv6.net
domain: fpau3zk7hi.dynv6.net
domain: gabia.kozow.com
domain: gbotlft7b7.dynv6.net
domain: gpi7ynn4oqp.dns.navy
domain: guider.serverpit.com
domain: hflax.ylhej608mk.dynv6.net
domain: hfxq7cbqv5.dynv6.net
domain: hgpzb1szps.v6.army
domain: hkn1a.il0qjijik3.v6.army
domain: hlbr31s20w.v6.army
domain: hrdxnu.zwrymm61og4.dns.army
domain: i0zhs.o46r3ey36xw.dns.navy
domain: i3idbzcf7m.dynv6.net
domain: ie7up41y3x.dynv6.net
domain: il0qjijik3.v6.army
domain: invoice.bumbleshrimp.com
domain: invoicedoc.abrdns.com
domain: irg8gqizqz.dns.army
domain: ivugt.irg8gqizqz.dns.army
domain: jfp9wd3hht.v6.army
domain: jghs63qw5w.v6.army
domain: jir0gq4huk.v6.army
domain: jlej4dom3m.dynv6.net
domain: jpnqb.e6phj0xnr0.dynv6.net
domain: kd0wcadw5v.dns.army
domain: ke6jp62jt2.dynv6.net
domain: kgw0xm.fmgu300wg6.dynv6.net
domain: kqtc.uc78hw71gb.dynv6.net
domain: l5m2cxdaxjy.dns.navy
domain: l9rmt5.fmgu300wg6.dynv6.net
domain: ldspau7pxy8.dns.navy
domain: lodni.ntesdoc.1cooldns.com
domain: luhp.xtfcnu7acx.v6.army
domain: ly5x0d.p4nbsl4cli.dns.navy
domain: m0dfmjbfj7.dns.navy
domain: m5i7.qhwfwllupj.dynv6.net
domain: maincert.1cooldns.com
domain: mbzgitbhj6.v6.navy
domain: mois-nid.i0zhs.o46r3ey36xw.dns.navy
domain: mos-nid.wazd9.7f44zhxz1x2.dns.navy
domain: mphfy4zbpb.v6.navy
domain: mvtv7vr0nr.dynv6.net
domain: nav-log.check.nid-user.kro.kr
domain: naver-auth-tax.2ra7.njkdhfptwn.dynv6.net
domain: naver-auth-tax.q83s.2fmx5tfk22.dynv6.net
domain: naver-auth.s8liln.4nu00ypt6u.dynv6.net
domain: nchosedirect.connection.n-e.kr
domain: nchosedirect.maincert.1cooldns.com
domain: nchosedirect.nooeg.1cooldns.com
domain: ndco.abrdns.com
domain: ndcondi.nooeg.1cooldns.com
domain: ndoc-post.cloud-ip.cc
domain: ndoc.ndoctax.dns.navy
domain: ndoc.nidcloud.dns.army
domain: ndoctax.dns.navy
domain: ndsp-ventor.ndoc-post.cloud-ip.cc
domain: nem1fg.ucc8pb4qud.v6.army
domain: nid-auth-tax.9jhf95.i3idbzcf7m.dynv6.net
domain: nid-doc-auth.00pr43.picid1fdl6.dynv6.net
domain: nid-doc-auth.1lelpu.5jzttrmpkf.dynv6.net
domain: nid-doc-auth.2yvl15.hfxq7cbqv5.dynv6.net
domain: nid-doc-auth.3gxf.du0oakjsbs.dynv6.net
domain: nid-doc-auth.9k2i.73tlkp3alr.dynv6.net
domain: nid-doc-auth.bbxnc.1k2j842o08.dynv6.net
domain: nid-doc-auth.nyhf.hfxq7cbqv5.dynv6.net
domain: nid-log.9a8zp.2ta9vkc3b2.dns.navy
domain: nid-log.yml63.cox7y4ipua.dns.navy
domain: nid-session.govt.hu
domain: nid-tax-auth.49wlf.3t2jh7awf0.dynv6.net
domain: nid-tax-doc.1kgz2l.ze5aip8t1r.dynv6.net
domain: nid-tax-doc.5m2ub.jlej4dom3m.dynv6.net
domain: nid-tax-doc.e063y2.w6quflavdm.dynv6.net
domain: nid-tax-doc.hkn1a.il0qjijik3.v6.army
domain: nid-tax-doc.m5i7.qhwfwllupj.dynv6.net
domain: nid-tax.abrdns.com
domain: nid-user.kro.kr
domain: nid.ndoctax.dns.navy
domain: nid.nloginvoice.dns.navy
domain: nid.nusersec.dns.navy
domain: nidauth.4sifx.ug4kghrroou.dns.navy
domain: nidcloud.dns.army
domain: nidtax.hrdxnu.zwrymm61og4.dns.army
domain: nidtax.ntndoc.abrdns.com
domain: nidtax.o4e82.5a8zsghait2.dns.army
domain: ninvoice.nloginvoice.dns.navy
domain: ninvoice.ntsscan.dns.navy
domain: ninvoice.nusersec.dns.navy
domain: ninvoice.nusetx.dns.army
domain: njkdhfptwn.dynv6.net
domain: njnbm6648f.dns.navy
domain: nloginvoice.dns.navy
domain: nooeg.1cooldns.com
domain: nopts.xubi.org
domain: np-doc-nid.85xcwj.se4z5cvxnk.v6.navy
domain: nps-hall.cloud-ip.cc
domain: npskol.1cooldns.com
domain: nstlog.store
domain: nt-deliver.cloud-ip.cc
domain: ntax.abrdns.com
domain: ntclss.cloud-ip.cc
domain: ntdocs.abrdns.com
domain: ntesdoc.1cooldns.com
domain: ntexq.mydns.vc
domain: ntlog.gabia.kozow.com
domain: ntlog.upd-log.ezgateway.net
domain: ntndoc.abrdns.com
domain: nts-load.twilightparadox.com
domain: ntsdoc.dynuddns.com
domain: ntsg.tvoice-doc.ddnsguru.com
domain: ntsscan.dns.navy
domain: nupt-log.dynuddns.com
domain: nusersec.dns.navy
domain: nusetx.dns.army
domain: nusr-doc.83cn.0grde8ebon.dns.army
domain: nusr-doc.ch4l.oz3oqqrrxl.dns.army
domain: nusr-doc.st2zeg.y4rs6m4w3z.dns.army
domain: nusrdoc.1cooldns.com
domain: nv-team.mysynology.net
domain: nvere-log.abrdns.com
domain: nvet6v0ryy.dynv6.net
domain: nvoice.flashhub.net
domain: nvoice.nv-team.mysynology.net
domain: nvoictax.6hpgd.1br8jch4r2l.dns.army
domain: nyhf.hfxq7cbqv5.dynv6.net
domain: o46r3ey36xw.dns.navy
domain: o4e82.5a8zsghait2.dns.army
domain: omtj8m.qj4xml8hxh.dynv6.net
domain: omyfdwsxnd.dns.army
domain: oz3oqqrrxl.dns.army
domain: p4nbsl4cli.dns.navy
domain: p9tfgmd5r5.v6.army
domain: p9woh.qj4xml8hxh.dynv6.net
domain: pay-voice.cloud-ip.cc
domain: pd-redirect.cloud-ip.cc
domain: perfect.bumbleshrimp.com
domain: pgul.gbotlft7b7.dynv6.net
domain: picid1fdl6.dynv6.net
domain: psxyqs93is.dynv6.net
domain: ptdmu1.d9z5fqxt49.dynv6.net
domain: q83s.2fmx5tfk22.dynv6.net
domain: qhwfwllupj.dynv6.net
domain: qiz172u9i01.dns.army
domain: qj4xml8hxh.dynv6.net
domain: qs0gvu97ec.dynv6.net
domain: r7xy4u626e.dynv6.net
domain: rea5wljzgp.dns.army
domain: redirect-nid.ivugt.irg8gqizqz.dns.army
domain: s8liln.4nu00ypt6u.dynv6.net
domain: se4z5cvxnk.v6.navy
domain: security.token-manage.o-r.kr
domain: securityconfirm.perfect.bumbleshrimp.com
domain: shdgud.abrdns.com
domain: si63k8gmso.v6.army
domain: sk48350fzc.v6.army
domain: st2zeg.y4rs6m4w3z.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/852f3f83860cf839591b93a15b9832747804629b
url: https://x.com/Fact_Finder03/status/2058800481980514384
url: https://www.virustotal.com/gui/file/647f968d18620d7d69fe51e67a7f2f83ddc8551716472d4468197e2dc8130a94/detection
ip: 179.43.186.239
domain: vpnwhitelist.ru
url: https://api.github.com/repos/stamparm/maltrail/commits/0f29ee23e9c1046792528dd2bb8a19db241400c4
url: https://api.github.com/repos/stamparm/maltrail/commits/032a59437e8b560f288a6885f4aada5b2c5aecee
url: https://x.com/Fact_Finder03/status/2058791170764157064
ip: 94.125.103.45
domain: st406.m0dfmjbfj7.dns.navy
domain: statistics.mysynology.net
domain: suyny3rnd6.v6.army
domain: talkcloud.abrdns.com
domain: tax-auth-notification.238hl.sk48350fzc.v6.army
domain: tax-auth-notification.24ilry.sk48350fzc.v6.army
domain: tax-auth-notification.26kp3x.jghs63qw5w.v6.army
domain: tax-auth-notification.luhp.xtfcnu7acx.v6.army
domain: tax-auth-notification.tvua0.suyny3rnd6.v6.army
domain: tax-auth-notification.udw1vs.suyny3rnd6.v6.army
domain: tax-auth.ydns.eu
domain: tax-deliver-auth.3oqhgj.1l8wzyn09e.dynv6.net
domain: tax-deliver-auth.fak1.7l30nhkxuv.dynv6.net
domain: tax-deliver-auth.y26b.r7xy4u626e.dynv6.net
domain: tax-deliver-auth.zsp8.0a1fi7nsne.dynv6.net
domain: tax-doc.abrdns.com
domain: tax-guide.abrdns.com
domain: tax-kor.mytunnel.org
domain: tax-link-nid.kgw0xm.fmgu300wg6.dynv6.net
domain: tax-link-nid.kqtc.uc78hw71gb.dynv6.net
domain: tax-link-nid.l9rmt5.fmgu300wg6.dynv6.net
domain: tax-link-nid.omtj8m.qj4xml8hxh.dynv6.net
domain: tax-link-nid.p9woh.qj4xml8hxh.dynv6.net
domain: tax-link-nid.pgul.gbotlft7b7.dynv6.net
domain: tax-link-nid.y8f3.9u8dnvzzim.dynv6.net
domain: tax-link-nid.yrpwqd.ke6jp62jt2.dynv6.net
domain: tax.petfoodkorea.kr
domain: taxinvoice.mydns.jp
domain: tdoc-noreply.ly5x0d.p4nbsl4cli.dns.navy
domain: tdoc-noreply.st406.m0dfmjbfj7.dns.navy
domain: tdoc.cloud-ip.cc
domain: tdrive.camdvr.org
domain: te2kmk0f5x.v6.army
domain: tech-nid.nem1fg.ucc8pb4qud.v6.army
domain: tguidelink.0sv8.qiz172u9i01.dns.army
domain: tguider.cloud-ip.cc
domain: token-manage.o-r.kr
domain: triect.abrdns.com
domain: ttgdoc.cloud-ip.cc
domain: ttsuget.nvoice.flashhub.net
domain: tvoice-doc.ddnsguru.com
domain: tvua0.suyny3rnd6.v6.army
domain: tx-reply.server-on.net
domain: uc78hw71gb.dynv6.net
domain: ucc8pb4qud.v6.army
domain: udw1vs.suyny3rnd6.v6.army
domain: ug4kghrroou.dns.navy
domain: uh431hluirw.dns.navy
domain: upd-log.ezgateway.net
domain: ve-us.check.nid-user.kro.kr
domain: vmdm9xw4swx.dns.navy
domain: w6quflavdm.dynv6.net
domain: wazd9.7f44zhxz1x2.dns.navy
domain: wlxvtiw7h7.v6.army
domain: x21a945ebj.v6.army
domain: x8co6.2ohjwx1f7e.v6.navy
domain: xtfcnu7acx.v6.army
domain: y26b.r7xy4u626e.dynv6.net
domain: y4rs6m4w3z.dns.army
domain: y8f3.9u8dnvzzim.dynv6.net
domain: ycq2.ylhej608mk.dynv6.net
domain: ylhej608mk.dynv6.net
domain: yml63.cox7y4ipua.dns.navy
domain: yrpwqd.ke6jp62jt2.dynv6.net
domain: ze5aip8t1r.dynv6.net
domain: zp2mfm42al.v6.army
domain: zsp8.0a1fi7nsne.dynv6.net
domain: zwrymm61og4.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/10b3d474bed0592d7904ee8f3f051215fc5771f9
url: https://www.virustotal.com/gui/ip-address/27.102.137.212/relations
domain: noreplynever.ydns.eu
url: https://api.github.com/repos/stamparm/maltrail/commits/acbcbb7b3cf3804919b9d58531e50f9bfe45b368
domain: htax-login.nts-kr.dns.army
domain: nts-kr.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/bd60e208a666523f198c4fdb36ce79b40c7c4811
domain: diplokb.cyou
url: https://api.github.com/repos/stamparm/maltrail/commits/2d68c48eb642504b946a5e4870b13ef543b87e2c
ip: 147.93.147.46
ip: 147.93.181.178
ip: 66.94.114.97
url: https://api.github.com/repos/stamparm/maltrail/commits/54d01f250356e8cca611577ba3148ce807aefa30
url: https://www.virustotal.com/gui/file/2c1764610a7f3113bb01fdaeede3b411acc99843bbb7d642c26024a601460efe/detection
ip: 178.170.220.14
url: https://api.github.com/repos/stamparm/maltrail/commits/e8049683d2df86b5b10ea1f07fb6ceafc35c12df
url: https://x.com/safedepio/status/2058848260845076651
ip: 195.201.194.107
url: https://api.github.com/repos/stamparm/maltrail/commits/3c62c4b09f6760250b0e792f2b928cb5f750dbfc
url: https://mp.weixin.qq.com/s/9wGEdvuJVPIv_D6PpoaZHg
ip: 212.193.2.162
ip: 45.130.146.197
domain: microsoft-updates-windows.servehttp.com
url: https://api.github.com/repos/stamparm/maltrail/commits/bd09f2fc7a3e82f791017d16abbd617e77885446
url: https://x.com/masaomi346/status/2058844105728512123
url: https://www.virustotal.com/gui/file/a608b591a7096c106c95a5df41be33be4b1c9374a4cff98e52a6a74e1a4dc62e/detection
domain: cewwq.xyz
domain: dfreygr.cewwq.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/be38617dfacc9fcdc40364685b7d8a9dc1b3bc7e
url: https://x.com/Fact_Finder03/status/2058785313393360975
ip: 178.105.197.117
ip: 62.97.160.112
ip: 84.215.61.54
domain: helios.fancybear.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/c8892f3612532a98f209da000218bfe820fdb90b
url: https://x.com/abh1sek/status/2058885937149759960
domain: violet-tricky-quelea-562.mypinata.cloud
url: https://api.github.com/repos/stamparm/maltrail/commits/2a34cef3702022334bc56ec5a04646697665d2d1
ip: 5.252.155.252
url: https://api.github.com/repos/stamparm/maltrail/commits/123e8616a0c3320b1b2972863595edc7b94256c8
url: https://api.github.com/repos/stamparm/maltrail/commits/1f2edbe4b50a397d2be71449329c4d5cfefb9192
domain: orizsuaeo-jp.icu
domain: thuide.bumbleshrimp.com
url: https://api.github.com/repos/stamparm/maltrail/commits/901c81bb15e35671e7924e780933a112f01fc611
url: https://x.com/skocherhan/status/2058608475404382446
domain: 5pj699tmhd.dynv6.net
domain: ar2aqxha855.dns.navy
domain: hkt77mguo03.dns.navy
domain: s62zzsmd7cq.dns.navy
domain: uykqg44ikx.v6.army
domain: wcatc7r8701.dns.navy
url: https://api.github.com/repos/stamparm/maltrail/commits/97128da69534ece3b35a696d7472425f0ca395ad
domain: bytonrian.com
domain: camarillotowing.com
domain: sparklingsenior.com
domain: tokhu.top
domain: usbouldering.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a8078a46d384c9527be4fc2dcb558bffbace43d6
domain: acrence-racked.com
domain: ardentscrips.com
domain: baceurierprixists.com
domain: chiganhonsubber.com
domain: cid.echoatlas.xyz
domain: ciraqi-sampumps.com
domain: click.beasttrackad.online
domain: clk.age-defier.com
domain: comentcomens.com
domain: coolkshop-scrences.com
domain: coppentalmedits.com
domain: d1ng0op1m0ewnr.cloudfront.net
domain: d7jy4scahojcu.cloudfront.net
domain: dirojiebgu.pro
domain: ethequaldouter.com
domain: fun.playnoxx.com
domain: go.alwayswilling.ai
domain: go.deegoodstuff.com
domain: go.deri.la
domain: go.myinsurlab.com
domain: go.traildiv.com
domain: go.wwwtrk.com
domain: goactiveclick.site
domain: info.top10singleboersen.com
domain: kugazuupy.pro
domain: letivesgenning.com
domain: mativingterous.com
domain: muntingpanging.com
domain: nicking-unding.com
domain: obvalsapprolved.com
domain: olysished-peekly.com
domain: ordianafainewal.com
domain: ourcense-pixesian.com
domain: progoodsartening.com
domain: screatlystortion.com
domain: sentlydunialty.com
domain: ssl.vitalratgeber24.com
domain: suberty-theadius.xyz
domain: thernator-mysineral.com
domain: tick.fashvision.com
domain: track.basedgelab.com
domain: track.exclick.xyz
domain: track.fabuloustrack.com
domain: track.fearzboom.com
domain: track.hawkeyedtracking.com
domain: track.openshield.com
domain: track.ourtrk.com
domain: track.petpriority.co
domain: track.tankxbaby.com
domain: tracking.angelinos.com
domain: tracking.financialtrendline.com
domain: tracking.greentavio.com
domain: tracking.vitalvista.xyz
domain: tracks.esperti-udito.com
domain: trk.bangmilfstoday.com
domain: trk.selectedbookies.co.uk
domain: versitypokirts.com
url: https://api.github.com/repos/stamparm/maltrail/commits/3a6922c23b67e72a8bbdbc8d188fc88d4bfa0344
url: https://x.com/patialavii/status/2058883490628911541
url: https://www.virustotal.com/gui/ip-address/209.182.224.47/relations
domain: 2zoouumin.com
domain: 360yvos.com
domain: adobeviewpdf.online
domain: bestbiddy.com
domain: bestcameraup.com
domain: bestelectricpicks.com
domain: bestsawzone.com
domain: bestsowftware.com
domain: blue-preview.info
domain: blvas.online
domain: candulalydateams.top
domain: cloudteamupdata.top
domain: currentdate.top
domain: currentme.top
domain: diamondexchangeus.store
domain: documentviwxle.com
domain: dpgamer.com
domain: earn-smarter.com
domain: entsecuremsg.com
domain: entsecurremsg.com
domain: exploreweb3dappwalletrestore.com
domain: googleeemeet.click
domain: googlemeeets.click
domain: googlemeeting.org
domain: googlemeetings.click
domain: googlemeets.cfd
domain: googlemeets.click
domain: guardmessaging.com
domain: harraiyatimes.com
domain: heavenoff.com
domain: hi5video.com
domain: historicalsocietyoflakeworth.org
domain: infotauro.com
domain: infotourism.info
domain: invitation-live.com
domain: invitationletter.click
domain: iranbus.net
domain: ithithanamelankavu.com
domain: jaratii.com
domain: jitosol-download.xyz
domain: johndavis-millivanilli.com
domain: keassembly.org
domain: koiranengp.com
domain: laplumedejade.com
domain: latestupdatecloud.us
domain: magnumbet88.com
domain: mankoaawaz.com
domain: msteamsmeeeting.com
domain: murreehill.com
domain: mybestmonitor.com
domain: newtick.org
domain: nutrimartbd.com
domain: orizaa.in
domain: palmdesertsistercities.com
domain: paysmorlaixenvironnement.info
domain: pinpointpromote.com
domain: plqosayq.online
domain: shonendaily.com
domain: softwarebygeeks10.online
domain: stiglianoeventi.org
domain: streamingcommunityz.pics
domain: t5sis.com
domain: teamscloudata.top
domain: thetravelupdates.com
domain: topbesttv.com
domain: traveltosantamarta.com
domain: turismocordoba.info
domain: ufabet.inc
domain: us03web-invitee.top
domain: us04web.org
domain: us05webinterviewsession.com
domain: uswebin03acc.top
domain: wa-s1.serverpanel.com
domain: wa-s1.serverpanel.net
domain: znrsign2x2nz3-document-view.online
domain: zoom4usweb.com
domain: zoommeetingnjoin.com
domain: zoouummeetin.com
domain: zupet.co
url: https://api.github.com/repos/stamparm/maltrail/commits/9763db1d9ebfc0f4ac4f3a08e52e4731e6091f79
domain: huyajn.icu
domain: inamety.icu
domain: oiklaet.icu
domain: ubnamn.icu
domain: yybane.icu

Source: CIRCL OSINT Feed

Published: Sun May 24 2026

Maltrail IOC for 2026-05-25

Medium

Malwaretlp:clear malware misp:threat-level="medium-risk"misp:event-type="observation"misp:automation-level="unsupervised"type:osint osint:lifetime="perpetual"osint:source-type="manual-collection"

Published: Sun May 24 2026 (05/24/2026, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Vendor/Project: tlp

Product: clear

Description

Maltrail IOC for 2026-05-25

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 05/25/2026, 15:24:51 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid: ee072c55-80ac-4de0-a589-d9f179a82efd
Original Timestamp: 1779721204

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a2e6089817d061250df30343a38157823d568831	cyberstrikeai
urlhttps://api.github.com/repos/stamparm/maltrail/commits/463e8cb36ac89ce75892d249062fb86badafd214	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/95d80f56d4138b6f76877f3564c909dfacbd47a3	android_fvncbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/7893a0531d401062036b45d7fd8c8baae066121a	apt_kimsuky
urlhttps://x.com/skocherhan/status/2058662939301904825	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/01f666b445cc990f7b1e3afb1bbfa4613dfa503e	asyncrat
urlhttps://x.com/skocherhan/status/2058637967954935824	asyncrat
urlhttps://www.virustotal.com/gui/file/72eadebd2f62d9706eaeae182dcb8ccf42919c019deaa812fb2225e005860edd/detection	asyncrat
urlhttps://www.virustotal.com/gui/file/126c4e1ae730a7213e496663f413efad3ab7e8ce0c3bf581b5dc42f3ca246ad2/detection	asyncrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/66fde3e5e54ab9e307ff99d4f9d5800c921064a1	netsupport
urlhttps://api.github.com/repos/stamparm/maltrail/commits/aa07276eb59c4f80a776668850f278c0b7905663	apt_kimsuky
urlhttps://x.com/skocherhan/status/2058661946719654013	apt_kimsuky
urlhttps://www.virustotal.com/gui/ip-address/118.193.69.44/relations	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/cc725fbd53b57bc24843bad3f8cf27917678262a	osx_atomic
urlhttps://x.com/masaomi346/status/2058695167696371826	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/89aa0efea744c7fb969363c30cb9ace3ec06fead	osx_atomic
urlhttps://x.com/masaomi346/status/2058709359291662651	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/27a7d8d51334973e89968725ce52e91ba29e4493	android_fakeapp
urlhttps://x.com/EricParker/status/2058411298195661221	android_fakeapp
urlhttps://www.virustotal.com/gui/file/7d44e0009d251ae4983f5bf29f7d8aa9af668df88dba05a17a7a314f6780ceff/detection	android_fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/82516868bcf1184332a8c80407f7cf3afc175bd5	osx_nova
urlhttps://api.github.com/repos/stamparm/maltrail/commits/537ac7184ac43e64611baf20fbcafd4202fd8db2	apt_kimsuky
urlhttps://x.com/skocherhan/status/2058672128015106427	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/852f3f83860cf839591b93a15b9832747804629b	gosimpletunnel
urlhttps://x.com/Fact_Finder03/status/2058800481980514384	gosimpletunnel
urlhttps://www.virustotal.com/gui/file/647f968d18620d7d69fe51e67a7f2f83ddc8551716472d4468197e2dc8130a94/detection	gosimpletunnel
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0f29ee23e9c1046792528dd2bb8a19db241400c4	c2_panel
urlhttps://api.github.com/repos/stamparm/maltrail/commits/032a59437e8b560f288a6885f4aada5b2c5aecee	c2_panel
urlhttps://x.com/Fact_Finder03/status/2058791170764157064	c2_panel
urlhttps://api.github.com/repos/stamparm/maltrail/commits/10b3d474bed0592d7904ee8f3f051215fc5771f9	apt_kimsuky
urlhttps://www.virustotal.com/gui/ip-address/27.102.137.212/relations	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/acbcbb7b3cf3804919b9d58531e50f9bfe45b368	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/bd60e208a666523f198c4fdb36ce79b40c7c4811	lummac2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2d68c48eb642504b946a5e4870b13ef543b87e2c	vacbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/54d01f250356e8cca611577ba3148ce807aefa30	yorotrooper
urlhttps://www.virustotal.com/gui/file/2c1764610a7f3113bb01fdaeede3b411acc99843bbb7d642c26024a601460efe/detection	yorotrooper
urlhttps://api.github.com/repos/stamparm/maltrail/commits/e8049683d2df86b5b10ea1f07fb6ceafc35c12df	apt_lazarus
urlhttps://x.com/safedepio/status/2058848260845076651	apt_lazarus
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3c62c4b09f6760250b0e792f2b928cb5f750dbfc	yorotrooper
urlhttps://mp.weixin.qq.com/s/9wGEdvuJVPIv_D6PpoaZHg	yorotrooper
urlhttps://api.github.com/repos/stamparm/maltrail/commits/bd09f2fc7a3e82f791017d16abbd617e77885446	android_roamingmantis
urlhttps://x.com/masaomi346/status/2058844105728512123	android_roamingmantis
urlhttps://www.virustotal.com/gui/file/a608b591a7096c106c95a5df41be33be4b1c9374a4cff98e52a6a74e1a4dc62e/detection	android_roamingmantis
urlhttps://api.github.com/repos/stamparm/maltrail/commits/be38617dfacc9fcdc40364685b7d8a9dc1b3bc7e	c2_panel
urlhttps://x.com/Fact_Finder03/status/2058785313393360975	c2_panel
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c8892f3612532a98f209da000218bfe820fdb90b	hacked_npmrepos
urlhttps://x.com/abh1sek/status/2058885937149759960	hacked_npmrepos
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2a34cef3702022334bc56ec5a04646697665d2d1	c2_panel
urlhttps://api.github.com/repos/stamparm/maltrail/commits/123e8616a0c3320b1b2972863595edc7b94256c8	peaklight
urlhttps://api.github.com/repos/stamparm/maltrail/commits/1f2edbe4b50a397d2be71449329c4d5cfefb9192	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/901c81bb15e35671e7924e780933a112f01fc611	apt_kimsuky
urlhttps://x.com/skocherhan/status/2058608475404382446	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/97128da69534ece3b35a696d7472425f0ca395ad	apt_unc2465
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a8078a46d384c9527be4fc2dcb558bffbace43d6	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/3a6922c23b67e72a8bbdbc8d188fc88d4bfa0344	fakeapp
urlhttps://x.com/patialavii/status/2058883490628911541	fakeapp
urlhttps://www.virustotal.com/gui/ip-address/209.182.224.47/relations	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9763db1d9ebfc0f4ac4f3a08e52e4731e6091f79	android_fvncbot

Ip

Value	Description	Copy
ip156.232.10.206	cyberstrikeai
ip76.13.17.190	cyberstrikeai
ip38.190.225.166	android_fakeapp
ip38.190.225.167	android_fakeapp
ip38.190.225.179	android_fakeapp
ip179.43.186.239	gosimpletunnel
ip94.125.103.45	c2_panel
ip147.93.147.46	vacbot
ip147.93.181.178	vacbot
ip66.94.114.97	vacbot
ip178.170.220.14	yorotrooper
ip195.201.194.107	apt_lazarus
ip212.193.2.162	yorotrooper
ip45.130.146.197	yorotrooper
ip178.105.197.117	c2_panel
ip62.97.160.112	c2_panel
ip84.215.61.54	c2_panel
ip5.252.155.252	c2_panel

Domain

Value	Description	Copy
domainclavdiyaivanon.com	osx_atomic
domaincloudfilebridge.com	osx_atomic
domainfileamberrocket.sbs	osx_atomic
domainfilecobaltharbor.sbs	osx_atomic
domainfilecometblanket.sbs	osx_atomic
domainfileechoisland.sbs	osx_atomic
domainfileembergarden.sbs	osx_atomic
domainfilefalconbridge.sbs	osx_atomic
domainfilefrostengine.sbs	osx_atomic
domainfileglacierwallet.sbs	osx_atomic
domainfileivorysignal.sbs	osx_atomic
domainfilelotusbasket.sbs	osx_atomic
domainfilemintcastle.sbs	osx_atomic
domainfilemistyplanet.sbs	osx_atomic
domainfilemossmarket.sbs	osx_atomic
domainfileopalcoffee.sbs	osx_atomic
domainfilepearltractor.sbs	osx_atomic
domainfilequartzmachine.sbs	osx_atomic
domainfilerubyfolder.sbs	osx_atomic
domainfilesapphirecanvas.sbs	osx_atomic
domainfilesunsetcamera.sbs	osx_atomic
domainfilevaultsync.com	osx_atomic
domainfilevioletcastle.sbs	osx_atomic
domainfilewildflowerengine.sbs	osx_atomic
domainitemacnow.com	osx_atomic
domainsmartcloudfiles.com	osx_atomic
domainbanmet.icu	android_fvncbot
domaincdn.iquenme.shop	android_fvncbot
domainiuybna.icu	android_fvncbot
domainoijnaet.icu	android_fvncbot
domainoomank.icu	android_fvncbot
domainqqebna.icu	android_fvncbot
domainwakamn.icu	android_fvncbot
domainybnmaga.icu	android_fvncbot
domainzebanme.icu	android_fvncbot
domainzzgabn.icu	android_fvncbot
domainaccess.ips-nifty.dns.navy	apt_kimsuky
domaindjhl.edoc.ips-bang.dynv6.net	apt_kimsuky
domainedoc-manc.dns.navy	apt_kimsuky
domainedoc-mane.dns.army	apt_kimsuky
domainedoc-one.dns.navy	apt_kimsuky
domainedoc.ips-bang.dynv6.net	apt_kimsuky
domainedoc.ips-mew.dynv6.net	apt_kimsuky
domainedoc.pol-otp.dns.navy	apt_kimsuky
domaininfo.edoc-manc.dns.navy	apt_kimsuky
domaininfo.edoc-mane.dns.army	apt_kimsuky
domaininfo.edoc-one.dns.navy	apt_kimsuky
domainips-bang.dynv6.net	apt_kimsuky
domainips-mew.dynv6.net	apt_kimsuky
domainips-nifty.dns.navy	apt_kimsuky
domainmew-pol.dns.navy	apt_kimsuky
domainmld.edoc.pol-otp.dns.navy	apt_kimsuky
domainmood.navers.mew-pol.dns.navy	apt_kimsuky
domainmood.police-service.dns.army	apt_kimsuky
domainnavers.mew-pol.dns.navy	apt_kimsuky
domainndbp.political-view.dns.army	apt_kimsuky
domainpol-otp.dns.navy	apt_kimsuky
domainpolice-service.dns.army	apt_kimsuky
domainpolitical-view.dns.army	apt_kimsuky
domaintaeo.edoc.ips-mew.dynv6.net	apt_kimsuky
domainzxzc.edoc.ips-bang.dynv6.net	apt_kimsuky
domainclipviet.blog	asyncrat
domainnangcucz.blog	asyncrat
domaincryptolocker.nangcucz.blog	asyncrat
domaindridex.nangcucz.blog	asyncrat
domainemotet.nangcucz.blog	asyncrat
domainmalware.clipviet.blog	asyncrat
domainx.clipviet.blog	asyncrat
domainprinterdrvrs.com	netsupport
domainu8.asdasfa.com	netsupport
domain5w9y60z9yy.dynv6.net	apt_kimsuky
domainolympiapetemergency.com	osx_atomic
domainrudderwillow8.com	osx_atomic
domainiscanxlive.fun	osx_nova
domainiscanxlive.top	osx_nova
domainiscanxonline.top	osx_nova
domainopenclawxlive.fun	osx_nova
domainopenclawxlive.top	osx_nova
domainopenclawxtool.fun	osx_nova
domainopneclawai.club	osx_nova
domain00pr43.picid1fdl6.dynv6.net	apt_kimsuky
domain086k3a.93vf4b71cv.dynv6.net	apt_kimsuky
domain0a1fi7nsne.dynv6.net	apt_kimsuky
domain0grde8ebon.dns.army	apt_kimsuky
domain0sv8.qiz172u9i01.dns.army	apt_kimsuky
domain1br8jch4r2l.dns.army	apt_kimsuky
domain1gb5eoww4y.dynv6.net	apt_kimsuky
domain1jjrv5oset8.dns.navy	apt_kimsuky
domain1k2j842o08.dynv6.net	apt_kimsuky
domain1kgz2l.ze5aip8t1r.dynv6.net	apt_kimsuky
domain1l8wzyn09e.dynv6.net	apt_kimsuky
domain1lelpu.5jzttrmpkf.dynv6.net	apt_kimsuky
domain1w0izrjp8f.v6.navy	apt_kimsuky
domain238hl.sk48350fzc.v6.army	apt_kimsuky
domain249h2syiju.v6.army	apt_kimsuky
domain24ilry.sk48350fzc.v6.army	apt_kimsuky
domain26kp3x.jghs63qw5w.v6.army	apt_kimsuky
domain2cpuaxmkws.v6.army	apt_kimsuky
domain2ea1fm3lj0.v6.army	apt_kimsuky
domain2fmx5tfk22.dynv6.net	apt_kimsuky
domain2ohjwx1f7e.v6.navy	apt_kimsuky
domain2ra7.njkdhfptwn.dynv6.net	apt_kimsuky
domain2ta9vkc3b2.dns.navy	apt_kimsuky
domain2tj40eda2f.dynv6.net	apt_kimsuky
domain2vm4g1ro8j.dns.navy	apt_kimsuky
domain2yvl15.hfxq7cbqv5.dynv6.net	apt_kimsuky
domain3d3mt6lf1x.v6.army	apt_kimsuky
domain3gxf.du0oakjsbs.dynv6.net	apt_kimsuky
domain3ol2k.ie7up41y3x.dynv6.net	apt_kimsuky
domain3oqhgj.1l8wzyn09e.dynv6.net	apt_kimsuky
domain3sd5y62mi2.dynv6.net	apt_kimsuky
domain3t2jh7awf0.dynv6.net	apt_kimsuky
domain49wlf.3t2jh7awf0.dynv6.net	apt_kimsuky
domain4nu00ypt6u.dynv6.net	apt_kimsuky
domain4sifx.ug4kghrroou.dns.navy	apt_kimsuky
domain5a8zsghait2.dns.army	apt_kimsuky
domain5jzttrmpkf.dynv6.net	apt_kimsuky
domain5m2ub.jlej4dom3m.dynv6.net	apt_kimsuky
domain6545f.3sd5y62mi2.dynv6.net	apt_kimsuky
domain6hpgd.1br8jch4r2l.dns.army	apt_kimsuky
domain6pzmcnjfl7e.dns.navy	apt_kimsuky
domain733h2kubch.dynv6.net	apt_kimsuky
domain73tlkp3alr.dynv6.net	apt_kimsuky
domain77sg7t.2tj40eda2f.dynv6.net	apt_kimsuky
domain7f44zhxz1x2.dns.navy	apt_kimsuky
domain7itl05g1mj.dns.navy	apt_kimsuky
domain7l30nhkxuv.dynv6.net	apt_kimsuky
domain83cn.0grde8ebon.dns.army	apt_kimsuky
domain85xcwj.se4z5cvxnk.v6.navy	apt_kimsuky
domain8lqx92qwn3.v6.army	apt_kimsuky
domain93vf4b71cv.dynv6.net	apt_kimsuky
domain9a8zp.2ta9vkc3b2.dns.navy	apt_kimsuky
domain9jhf95.i3idbzcf7m.dynv6.net	apt_kimsuky
domain9k2i.73tlkp3alr.dynv6.net	apt_kimsuky
domain9ok90wamt4.dns.navy	apt_kimsuky
domain9u8dnvzzim.dynv6.net	apt_kimsuky
domaina1fi7nsne.dynv6.net	apt_kimsuky
domainauth-check-nvr.6545f.3sd5y62mi2.dynv6.net	apt_kimsuky
domainauth-check-nvr.77sg7t.2tj40eda2f.dynv6.net	apt_kimsuky
domainauth-check-nvr.hflax.ylhej608mk.dynv6.net	apt_kimsuky
domainauth-check-nvr.jpnqb.e6phj0xnr0.dynv6.net	apt_kimsuky
domainauth-check-nvr.ptdmu1.d9z5fqxt49.dynv6.net	apt_kimsuky
domainauth-check-nvr.ycq2.ylhej608mk.dynv6.net	apt_kimsuky
domainb45zyjuecl.dns.navy	apt_kimsuky
domainbbxnc.1k2j842o08.dynv6.net	apt_kimsuky
domainbrowse-naver.x8co6.2ohjwx1f7e.v6.navy	apt_kimsuky
domainbtee.dynuddns.net	apt_kimsuky
domainc9q0l37ffb.dns.navy	apt_kimsuky
domaincddp00ow2m.dynv6.net	apt_kimsuky
domaincgv8ijdqybf.dns.navy	apt_kimsuky
domainch4l.oz3oqqrrxl.dns.army	apt_kimsuky
domaincheck.nid-user.kro.kr	apt_kimsuky
domaincloud-doc.abrdns.com	apt_kimsuky
domainconfirm-ver.ttgdoc.cloud-ip.cc	apt_kimsuky
domainconnection.n-e.kr	apt_kimsuky
domaincount-doc.tax-doc.abrdns.com	apt_kimsuky
domaincox7y4ipua.dns.navy	apt_kimsuky
domaincpnikyd43jh.dns.army	apt_kimsuky
domaincupon-log.tax-kor.mytunnel.org	apt_kimsuky
domaind9z5fqxt49.dynv6.net	apt_kimsuky
domaindeliver-tax-auth.3ol2k.ie7up41y3x.dynv6.net	apt_kimsuky
domaindeliver-tax-auth.duqf6.nvet6v0ryy.dynv6.net	apt_kimsuky
domaindemp.tax-auth.ydns.eu	apt_kimsuky
domaindhif24bvt7.dynv6.net	apt_kimsuky
domaindjq2wz7jsv.dns.navy	apt_kimsuky
domaindoc-auth.check.nid-user.kro.kr	apt_kimsuky
domaindocinfo.cloud-ip.cc	apt_kimsuky
domaindu0oakjsbs.dynv6.net	apt_kimsuky
domainduqf6.nvet6v0ryy.dynv6.net	apt_kimsuky
domaine063y2.w6quflavdm.dynv6.net	apt_kimsuky
domaine6phj0xnr0.dynv6.net	apt_kimsuky
domaine6ro1jnzss.dynv6.net	apt_kimsuky
domainfak1.7l30nhkxuv.dynv6.net	apt_kimsuky
domainfiw.security.token-manage.o-r.kr	apt_kimsuky
domainfm4yoenkfru.dns.navy	apt_kimsuky
domainfmgu300wg6.dynv6.net	apt_kimsuky
domainfpau3zk7hi.dynv6.net	apt_kimsuky
domaingabia.kozow.com	apt_kimsuky
domaingbotlft7b7.dynv6.net	apt_kimsuky
domaingpi7ynn4oqp.dns.navy	apt_kimsuky
domainguider.serverpit.com	apt_kimsuky
domainhflax.ylhej608mk.dynv6.net	apt_kimsuky
domainhfxq7cbqv5.dynv6.net	apt_kimsuky
domainhgpzb1szps.v6.army	apt_kimsuky
domainhkn1a.il0qjijik3.v6.army	apt_kimsuky
domainhlbr31s20w.v6.army	apt_kimsuky
domainhrdxnu.zwrymm61og4.dns.army	apt_kimsuky
domaini0zhs.o46r3ey36xw.dns.navy	apt_kimsuky
domaini3idbzcf7m.dynv6.net	apt_kimsuky
domainie7up41y3x.dynv6.net	apt_kimsuky
domainil0qjijik3.v6.army	apt_kimsuky
domaininvoice.bumbleshrimp.com	apt_kimsuky
domaininvoicedoc.abrdns.com	apt_kimsuky
domainirg8gqizqz.dns.army	apt_kimsuky
domainivugt.irg8gqizqz.dns.army	apt_kimsuky
domainjfp9wd3hht.v6.army	apt_kimsuky
domainjghs63qw5w.v6.army	apt_kimsuky
domainjir0gq4huk.v6.army	apt_kimsuky
domainjlej4dom3m.dynv6.net	apt_kimsuky
domainjpnqb.e6phj0xnr0.dynv6.net	apt_kimsuky
domainkd0wcadw5v.dns.army	apt_kimsuky
domainke6jp62jt2.dynv6.net	apt_kimsuky
domainkgw0xm.fmgu300wg6.dynv6.net	apt_kimsuky
domainkqtc.uc78hw71gb.dynv6.net	apt_kimsuky
domainl5m2cxdaxjy.dns.navy	apt_kimsuky
domainl9rmt5.fmgu300wg6.dynv6.net	apt_kimsuky
domainldspau7pxy8.dns.navy	apt_kimsuky
domainlodni.ntesdoc.1cooldns.com	apt_kimsuky
domainluhp.xtfcnu7acx.v6.army	apt_kimsuky
domainly5x0d.p4nbsl4cli.dns.navy	apt_kimsuky
domainm0dfmjbfj7.dns.navy	apt_kimsuky
domainm5i7.qhwfwllupj.dynv6.net	apt_kimsuky
domainmaincert.1cooldns.com	apt_kimsuky
domainmbzgitbhj6.v6.navy	apt_kimsuky
domainmois-nid.i0zhs.o46r3ey36xw.dns.navy	apt_kimsuky
domainmos-nid.wazd9.7f44zhxz1x2.dns.navy	apt_kimsuky
domainmphfy4zbpb.v6.navy	apt_kimsuky
domainmvtv7vr0nr.dynv6.net	apt_kimsuky
domainnav-log.check.nid-user.kro.kr	apt_kimsuky
domainnaver-auth-tax.2ra7.njkdhfptwn.dynv6.net	apt_kimsuky
domainnaver-auth-tax.q83s.2fmx5tfk22.dynv6.net	apt_kimsuky
domainnaver-auth.s8liln.4nu00ypt6u.dynv6.net	apt_kimsuky
domainnchosedirect.connection.n-e.kr	apt_kimsuky
domainnchosedirect.maincert.1cooldns.com	apt_kimsuky
domainnchosedirect.nooeg.1cooldns.com	apt_kimsuky
domainndco.abrdns.com	apt_kimsuky
domainndcondi.nooeg.1cooldns.com	apt_kimsuky
domainndoc-post.cloud-ip.cc	apt_kimsuky
domainndoc.ndoctax.dns.navy	apt_kimsuky
domainndoc.nidcloud.dns.army	apt_kimsuky
domainndoctax.dns.navy	apt_kimsuky
domainndsp-ventor.ndoc-post.cloud-ip.cc	apt_kimsuky
domainnem1fg.ucc8pb4qud.v6.army	apt_kimsuky
domainnid-auth-tax.9jhf95.i3idbzcf7m.dynv6.net	apt_kimsuky
domainnid-doc-auth.00pr43.picid1fdl6.dynv6.net	apt_kimsuky
domainnid-doc-auth.1lelpu.5jzttrmpkf.dynv6.net	apt_kimsuky
domainnid-doc-auth.2yvl15.hfxq7cbqv5.dynv6.net	apt_kimsuky
domainnid-doc-auth.3gxf.du0oakjsbs.dynv6.net	apt_kimsuky
domainnid-doc-auth.9k2i.73tlkp3alr.dynv6.net	apt_kimsuky
domainnid-doc-auth.bbxnc.1k2j842o08.dynv6.net	apt_kimsuky
domainnid-doc-auth.nyhf.hfxq7cbqv5.dynv6.net	apt_kimsuky
domainnid-log.9a8zp.2ta9vkc3b2.dns.navy	apt_kimsuky
domainnid-log.yml63.cox7y4ipua.dns.navy	apt_kimsuky
domainnid-session.govt.hu	apt_kimsuky
domainnid-tax-auth.49wlf.3t2jh7awf0.dynv6.net	apt_kimsuky
domainnid-tax-doc.1kgz2l.ze5aip8t1r.dynv6.net	apt_kimsuky
domainnid-tax-doc.5m2ub.jlej4dom3m.dynv6.net	apt_kimsuky
domainnid-tax-doc.e063y2.w6quflavdm.dynv6.net	apt_kimsuky
domainnid-tax-doc.hkn1a.il0qjijik3.v6.army	apt_kimsuky
domainnid-tax-doc.m5i7.qhwfwllupj.dynv6.net	apt_kimsuky
domainnid-tax.abrdns.com	apt_kimsuky
domainnid-user.kro.kr	apt_kimsuky
domainnid.ndoctax.dns.navy	apt_kimsuky
domainnid.nloginvoice.dns.navy	apt_kimsuky
domainnid.nusersec.dns.navy	apt_kimsuky
domainnidauth.4sifx.ug4kghrroou.dns.navy	apt_kimsuky
domainnidcloud.dns.army	apt_kimsuky
domainnidtax.hrdxnu.zwrymm61og4.dns.army	apt_kimsuky
domainnidtax.ntndoc.abrdns.com	apt_kimsuky
domainnidtax.o4e82.5a8zsghait2.dns.army	apt_kimsuky
domainninvoice.nloginvoice.dns.navy	apt_kimsuky
domainninvoice.ntsscan.dns.navy	apt_kimsuky
domainninvoice.nusersec.dns.navy	apt_kimsuky
domainninvoice.nusetx.dns.army	apt_kimsuky
domainnjkdhfptwn.dynv6.net	apt_kimsuky
domainnjnbm6648f.dns.navy	apt_kimsuky
domainnloginvoice.dns.navy	apt_kimsuky
domainnooeg.1cooldns.com	apt_kimsuky
domainnopts.xubi.org	apt_kimsuky
domainnp-doc-nid.85xcwj.se4z5cvxnk.v6.navy	apt_kimsuky
domainnps-hall.cloud-ip.cc	apt_kimsuky
domainnpskol.1cooldns.com	apt_kimsuky
domainnstlog.store	apt_kimsuky
domainnt-deliver.cloud-ip.cc	apt_kimsuky
domainntax.abrdns.com	apt_kimsuky
domainntclss.cloud-ip.cc	apt_kimsuky
domainntdocs.abrdns.com	apt_kimsuky
domainntesdoc.1cooldns.com	apt_kimsuky
domainntexq.mydns.vc	apt_kimsuky
domainntlog.gabia.kozow.com	apt_kimsuky
domainntlog.upd-log.ezgateway.net	apt_kimsuky
domainntndoc.abrdns.com	apt_kimsuky
domainnts-load.twilightparadox.com	apt_kimsuky
domainntsdoc.dynuddns.com	apt_kimsuky
domainntsg.tvoice-doc.ddnsguru.com	apt_kimsuky
domainntsscan.dns.navy	apt_kimsuky
domainnupt-log.dynuddns.com	apt_kimsuky
domainnusersec.dns.navy	apt_kimsuky
domainnusetx.dns.army	apt_kimsuky
domainnusr-doc.83cn.0grde8ebon.dns.army	apt_kimsuky
domainnusr-doc.ch4l.oz3oqqrrxl.dns.army	apt_kimsuky
domainnusr-doc.st2zeg.y4rs6m4w3z.dns.army	apt_kimsuky
domainnusrdoc.1cooldns.com	apt_kimsuky
domainnv-team.mysynology.net	apt_kimsuky
domainnvere-log.abrdns.com	apt_kimsuky
domainnvet6v0ryy.dynv6.net	apt_kimsuky
domainnvoice.flashhub.net	apt_kimsuky
domainnvoice.nv-team.mysynology.net	apt_kimsuky
domainnvoictax.6hpgd.1br8jch4r2l.dns.army	apt_kimsuky
domainnyhf.hfxq7cbqv5.dynv6.net	apt_kimsuky
domaino46r3ey36xw.dns.navy	apt_kimsuky
domaino4e82.5a8zsghait2.dns.army	apt_kimsuky
domainomtj8m.qj4xml8hxh.dynv6.net	apt_kimsuky
domainomyfdwsxnd.dns.army	apt_kimsuky
domainoz3oqqrrxl.dns.army	apt_kimsuky
domainp4nbsl4cli.dns.navy	apt_kimsuky
domainp9tfgmd5r5.v6.army	apt_kimsuky
domainp9woh.qj4xml8hxh.dynv6.net	apt_kimsuky
domainpay-voice.cloud-ip.cc	apt_kimsuky
domainpd-redirect.cloud-ip.cc	apt_kimsuky
domainperfect.bumbleshrimp.com	apt_kimsuky
domainpgul.gbotlft7b7.dynv6.net	apt_kimsuky
domainpicid1fdl6.dynv6.net	apt_kimsuky
domainpsxyqs93is.dynv6.net	apt_kimsuky
domainptdmu1.d9z5fqxt49.dynv6.net	apt_kimsuky
domainq83s.2fmx5tfk22.dynv6.net	apt_kimsuky
domainqhwfwllupj.dynv6.net	apt_kimsuky
domainqiz172u9i01.dns.army	apt_kimsuky
domainqj4xml8hxh.dynv6.net	apt_kimsuky
domainqs0gvu97ec.dynv6.net	apt_kimsuky
domainr7xy4u626e.dynv6.net	apt_kimsuky
domainrea5wljzgp.dns.army	apt_kimsuky
domainredirect-nid.ivugt.irg8gqizqz.dns.army	apt_kimsuky
domains8liln.4nu00ypt6u.dynv6.net	apt_kimsuky
domainse4z5cvxnk.v6.navy	apt_kimsuky
domainsecurity.token-manage.o-r.kr	apt_kimsuky
domainsecurityconfirm.perfect.bumbleshrimp.com	apt_kimsuky
domainshdgud.abrdns.com	apt_kimsuky
domainsi63k8gmso.v6.army	apt_kimsuky
domainsk48350fzc.v6.army	apt_kimsuky
domainst2zeg.y4rs6m4w3z.dns.army	apt_kimsuky
domainvpnwhitelist.ru	gosimpletunnel
domainst406.m0dfmjbfj7.dns.navy	apt_kimsuky
domainstatistics.mysynology.net	apt_kimsuky
domainsuyny3rnd6.v6.army	apt_kimsuky
domaintalkcloud.abrdns.com	apt_kimsuky
domaintax-auth-notification.238hl.sk48350fzc.v6.army	apt_kimsuky
domaintax-auth-notification.24ilry.sk48350fzc.v6.army	apt_kimsuky
domaintax-auth-notification.26kp3x.jghs63qw5w.v6.army	apt_kimsuky
domaintax-auth-notification.luhp.xtfcnu7acx.v6.army	apt_kimsuky
domaintax-auth-notification.tvua0.suyny3rnd6.v6.army	apt_kimsuky
domaintax-auth-notification.udw1vs.suyny3rnd6.v6.army	apt_kimsuky
domaintax-auth.ydns.eu	apt_kimsuky
domaintax-deliver-auth.3oqhgj.1l8wzyn09e.dynv6.net	apt_kimsuky
domaintax-deliver-auth.fak1.7l30nhkxuv.dynv6.net	apt_kimsuky
domaintax-deliver-auth.y26b.r7xy4u626e.dynv6.net	apt_kimsuky
domaintax-deliver-auth.zsp8.0a1fi7nsne.dynv6.net	apt_kimsuky
domaintax-doc.abrdns.com	apt_kimsuky
domaintax-guide.abrdns.com	apt_kimsuky
domaintax-kor.mytunnel.org	apt_kimsuky
domaintax-link-nid.kgw0xm.fmgu300wg6.dynv6.net	apt_kimsuky
domaintax-link-nid.kqtc.uc78hw71gb.dynv6.net	apt_kimsuky
domaintax-link-nid.l9rmt5.fmgu300wg6.dynv6.net	apt_kimsuky
domaintax-link-nid.omtj8m.qj4xml8hxh.dynv6.net	apt_kimsuky
domaintax-link-nid.p9woh.qj4xml8hxh.dynv6.net	apt_kimsuky
domaintax-link-nid.pgul.gbotlft7b7.dynv6.net	apt_kimsuky
domaintax-link-nid.y8f3.9u8dnvzzim.dynv6.net	apt_kimsuky
domaintax-link-nid.yrpwqd.ke6jp62jt2.dynv6.net	apt_kimsuky
domaintax.petfoodkorea.kr	apt_kimsuky
domaintaxinvoice.mydns.jp	apt_kimsuky
domaintdoc-noreply.ly5x0d.p4nbsl4cli.dns.navy	apt_kimsuky
domaintdoc-noreply.st406.m0dfmjbfj7.dns.navy	apt_kimsuky
domaintdoc.cloud-ip.cc	apt_kimsuky
domaintdrive.camdvr.org	apt_kimsuky
domainte2kmk0f5x.v6.army	apt_kimsuky
domaintech-nid.nem1fg.ucc8pb4qud.v6.army	apt_kimsuky
domaintguidelink.0sv8.qiz172u9i01.dns.army	apt_kimsuky
domaintguider.cloud-ip.cc	apt_kimsuky
domaintoken-manage.o-r.kr	apt_kimsuky
domaintriect.abrdns.com	apt_kimsuky
domainttgdoc.cloud-ip.cc	apt_kimsuky
domainttsuget.nvoice.flashhub.net	apt_kimsuky
domaintvoice-doc.ddnsguru.com	apt_kimsuky
domaintvua0.suyny3rnd6.v6.army	apt_kimsuky
domaintx-reply.server-on.net	apt_kimsuky
domainuc78hw71gb.dynv6.net	apt_kimsuky
domainucc8pb4qud.v6.army	apt_kimsuky
domainudw1vs.suyny3rnd6.v6.army	apt_kimsuky
domainug4kghrroou.dns.navy	apt_kimsuky
domainuh431hluirw.dns.navy	apt_kimsuky
domainupd-log.ezgateway.net	apt_kimsuky
domainve-us.check.nid-user.kro.kr	apt_kimsuky
domainvmdm9xw4swx.dns.navy	apt_kimsuky
domainw6quflavdm.dynv6.net	apt_kimsuky
domainwazd9.7f44zhxz1x2.dns.navy	apt_kimsuky
domainwlxvtiw7h7.v6.army	apt_kimsuky
domainx21a945ebj.v6.army	apt_kimsuky
domainx8co6.2ohjwx1f7e.v6.navy	apt_kimsuky
domainxtfcnu7acx.v6.army	apt_kimsuky
domainy26b.r7xy4u626e.dynv6.net	apt_kimsuky
domainy4rs6m4w3z.dns.army	apt_kimsuky
domainy8f3.9u8dnvzzim.dynv6.net	apt_kimsuky
domainycq2.ylhej608mk.dynv6.net	apt_kimsuky
domainylhej608mk.dynv6.net	apt_kimsuky
domainyml63.cox7y4ipua.dns.navy	apt_kimsuky
domainyrpwqd.ke6jp62jt2.dynv6.net	apt_kimsuky
domainze5aip8t1r.dynv6.net	apt_kimsuky
domainzp2mfm42al.v6.army	apt_kimsuky
domainzsp8.0a1fi7nsne.dynv6.net	apt_kimsuky
domainzwrymm61og4.dns.army	apt_kimsuky
domainnoreplynever.ydns.eu	apt_kimsuky
domainhtax-login.nts-kr.dns.army	apt_kimsuky
domainnts-kr.dns.army	apt_kimsuky
domaindiplokb.cyou	lummac2
domainmicrosoft-updates-windows.servehttp.com	yorotrooper
domaincewwq.xyz	android_roamingmantis
domaindfreygr.cewwq.xyz	android_roamingmantis
domainhelios.fancybear.xyz	c2_panel
domainviolet-tricky-quelea-562.mypinata.cloud	hacked_npmrepos
domainorizsuaeo-jp.icu	apt_kimsuky
domainthuide.bumbleshrimp.com	apt_kimsuky
domain5pj699tmhd.dynv6.net	apt_kimsuky
domainar2aqxha855.dns.navy	apt_kimsuky
domainhkt77mguo03.dns.navy	apt_kimsuky
domains62zzsmd7cq.dns.navy	apt_kimsuky
domainuykqg44ikx.v6.army	apt_kimsuky
domainwcatc7r8701.dns.navy	apt_kimsuky
domainbytonrian.com	apt_unc2465
domaincamarillotowing.com	apt_unc2465
domainsparklingsenior.com	apt_unc2465
domaintokhu.top	apt_unc2465
domainusbouldering.com	apt_unc2465
domainacrence-racked.com	osx_atomic
domainardentscrips.com	osx_atomic
domainbaceurierprixists.com	osx_atomic
domainchiganhonsubber.com	osx_atomic
domaincid.echoatlas.xyz	osx_atomic
domainciraqi-sampumps.com	osx_atomic
domainclick.beasttrackad.online	osx_atomic
domainclk.age-defier.com	osx_atomic
domaincomentcomens.com	osx_atomic
domaincoolkshop-scrences.com	osx_atomic
domaincoppentalmedits.com	osx_atomic
domaind1ng0op1m0ewnr.cloudfront.net	osx_atomic
domaind7jy4scahojcu.cloudfront.net	osx_atomic
domaindirojiebgu.pro	osx_atomic
domainethequaldouter.com	osx_atomic
domainfun.playnoxx.com	osx_atomic
domaingo.alwayswilling.ai	osx_atomic
domaingo.deegoodstuff.com	osx_atomic
domaingo.deri.la	osx_atomic
domaingo.myinsurlab.com	osx_atomic
domaingo.traildiv.com	osx_atomic
domaingo.wwwtrk.com	osx_atomic
domaingoactiveclick.site	osx_atomic
domaininfo.top10singleboersen.com	osx_atomic
domainkugazuupy.pro	osx_atomic
domainletivesgenning.com	osx_atomic
domainmativingterous.com	osx_atomic
domainmuntingpanging.com	osx_atomic
domainnicking-unding.com	osx_atomic
domainobvalsapprolved.com	osx_atomic
domainolysished-peekly.com	osx_atomic
domainordianafainewal.com	osx_atomic
domainourcense-pixesian.com	osx_atomic
domainprogoodsartening.com	osx_atomic
domainscreatlystortion.com	osx_atomic
domainsentlydunialty.com	osx_atomic
domainssl.vitalratgeber24.com	osx_atomic
domainsuberty-theadius.xyz	osx_atomic
domainthernator-mysineral.com	osx_atomic
domaintick.fashvision.com	osx_atomic
domaintrack.basedgelab.com	osx_atomic
domaintrack.exclick.xyz	osx_atomic
domaintrack.fabuloustrack.com	osx_atomic
domaintrack.fearzboom.com	osx_atomic
domaintrack.hawkeyedtracking.com	osx_atomic
domaintrack.openshield.com	osx_atomic
domaintrack.ourtrk.com	osx_atomic
domaintrack.petpriority.co	osx_atomic
domaintrack.tankxbaby.com	osx_atomic
domaintracking.angelinos.com	osx_atomic
domaintracking.financialtrendline.com	osx_atomic
domaintracking.greentavio.com	osx_atomic
domaintracking.vitalvista.xyz	osx_atomic
domaintracks.esperti-udito.com	osx_atomic
domaintrk.bangmilfstoday.com	osx_atomic
domaintrk.selectedbookies.co.uk	osx_atomic
domainversitypokirts.com	osx_atomic
domain2zoouumin.com	fakeapp
domain360yvos.com	fakeapp
domainadobeviewpdf.online	fakeapp
domainbestbiddy.com	fakeapp
domainbestcameraup.com	fakeapp
domainbestelectricpicks.com	fakeapp
domainbestsawzone.com	fakeapp
domainbestsowftware.com	fakeapp
domainblue-preview.info	fakeapp
domainblvas.online	fakeapp
domaincandulalydateams.top	fakeapp
domaincloudteamupdata.top	fakeapp
domaincurrentdate.top	fakeapp
domaincurrentme.top	fakeapp
domaindiamondexchangeus.store	fakeapp
domaindocumentviwxle.com	fakeapp
domaindpgamer.com	fakeapp
domainearn-smarter.com	fakeapp
domainentsecuremsg.com	fakeapp
domainentsecurremsg.com	fakeapp
domainexploreweb3dappwalletrestore.com	fakeapp
domaingoogleeemeet.click	fakeapp
domaingooglemeeets.click	fakeapp
domaingooglemeeting.org	fakeapp
domaingooglemeetings.click	fakeapp
domaingooglemeets.cfd	fakeapp
domaingooglemeets.click	fakeapp
domainguardmessaging.com	fakeapp
domainharraiyatimes.com	fakeapp
domainheavenoff.com	fakeapp
domainhi5video.com	fakeapp
domainhistoricalsocietyoflakeworth.org	fakeapp
domaininfotauro.com	fakeapp
domaininfotourism.info	fakeapp
domaininvitation-live.com	fakeapp
domaininvitationletter.click	fakeapp
domainiranbus.net	fakeapp
domainithithanamelankavu.com	fakeapp
domainjaratii.com	fakeapp
domainjitosol-download.xyz	fakeapp
domainjohndavis-millivanilli.com	fakeapp
domainkeassembly.org	fakeapp
domainkoiranengp.com	fakeapp
domainlaplumedejade.com	fakeapp
domainlatestupdatecloud.us	fakeapp
domainmagnumbet88.com	fakeapp
domainmankoaawaz.com	fakeapp
domainmsteamsmeeeting.com	fakeapp
domainmurreehill.com	fakeapp
domainmybestmonitor.com	fakeapp
domainnewtick.org	fakeapp
domainnutrimartbd.com	fakeapp
domainorizaa.in	fakeapp
domainpalmdesertsistercities.com	fakeapp
domainpaysmorlaixenvironnement.info	fakeapp
domainpinpointpromote.com	fakeapp
domainplqosayq.online	fakeapp
domainshonendaily.com	fakeapp
domainsoftwarebygeeks10.online	fakeapp
domainstiglianoeventi.org	fakeapp
domainstreamingcommunityz.pics	fakeapp
domaint5sis.com	fakeapp
domainteamscloudata.top	fakeapp
domainthetravelupdates.com	fakeapp
domaintopbesttv.com	fakeapp
domaintraveltosantamarta.com	fakeapp
domainturismocordoba.info	fakeapp
domainufabet.inc	fakeapp
domainus03web-invitee.top	fakeapp
domainus04web.org	fakeapp
domainus05webinterviewsession.com	fakeapp
domainuswebin03acc.top	fakeapp
domainwa-s1.serverpanel.com	fakeapp
domainwa-s1.serverpanel.net	fakeapp
domainznrsign2x2nz3-document-view.online	fakeapp
domainzoom4usweb.com	fakeapp
domainzoommeetingnjoin.com	fakeapp
domainzoouummeetin.com	fakeapp
domainzupet.co	fakeapp
domainhuyajn.icu	android_fvncbot
domaininamety.icu	android_fvncbot
domainoiklaet.icu	android_fvncbot
domainubnamn.icu	android_fvncbot
domainyybane.icu	android_fvncbot

Threat ID: 6a14663ba5ae1af1aaab5a86

Added to database: 5/25/2026, 3:09:47 PM

Last enriched: 5/25/2026, 3:24:51 PM

Last updated: 5/26/2026, 2:23:14 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Maltrail IOC for 2026-05-25

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-05-25

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Ip

Domain

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Maltrail IOC for 2026-05-25

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-05-25

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Ip

Domain

Community Reviews

Related Threats

ThreatFox IOCs for 2026-05-25

RemotePE: The Lazarus RAT that lives in memory

TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)

Suspicious ass website asking to run a terminal command (MacOS)

Laravel-Lang Packages Poisoned for Malware Delivery

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility