Reconnecting to live updates…

Maltrail IOC for 2026-06-02

Severity: mediumType: malware

AI Analysis

Technical Summary

The report details a malware IOC identified by Maltrail on 2026-06-02, sourced from CIRCL OSINT Feed. It represents an observation of network activity linked to malware but lacks specific technical indicators, affected software versions, or exploit details. No patch or fix is applicable as this is an IOC rather than a vulnerability. The IOC is tagged with medium risk and is intended for threat intelligence and monitoring purposes.

Potential Impact

The impact is limited to threat detection and situational awareness. There is no direct vulnerability or exploit described, so no immediate compromise or damage is indicated. Organizations can use this IOC to enhance detection capabilities but should not expect direct remediation actions from this report.

Mitigation Recommendations

No patch or official remediation is available or required for this IOC. Organizations should incorporate the IOC into their detection and monitoring systems as appropriate. No urgent action is mandated based on this report alone.

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/f04e78fc9e109400f740b2e34c86ad5630c7048a
domain: 0jr87375qt.v6.navy
domain: 2ecy51395u.v6.navy
domain: b8fq9189g6.dns.navy
domain: confirm1.moois-nid.remotewire.net
domain: cxmfcubfnq.dns.navy
domain: diaxwn61lp.dynv6.net
domain: dns-setup.remotewire.net
domain: e639kk.wjyx49u3cu3.dns.army
domain: egbzqa25gw.v6.navy
domain: health-doc.giize.com
domain: info.dns-setup.remotewire.net
domain: ip-cloud.theworkpc.com
domain: ips-doc.webredirect.org
domain: ips.dynuddns.net
domain: ispd.nts-write.remotewire.net
domain: jbyaa6xotk.v6.army
domain: lopm.webredirect.org
domain: mois-doc.roxa.org
domain: mois.mytunnel.org
domain: moois-nid.remotewire.net
domain: ms-cloud.ezgateway.net
domain: mybox.camdvr.org
domain: n-corp.hets12ex.dns.army
domain: n2gdnw08p4.dns.navy
domain: nav-log.moois-nid.remotewire.net
domain: naver.mywire.org
domain: ncodcnpass.dns.navy
domain: nd8f3lxih4.v6.navy
domain: ndoc.nid-sign.opik.net
domain: nid-nver.mybox.camdvr.org
domain: nid-sign.opik.net
domain: nid.ips-doc.webredirect.org
domain: nid.naver.mywire.org
domain: nid.ncodcnpass.dns.navy
domain: nid.nid-sign.opik.net
domain: nid.niws.mysynology.net
domain: nid.puoios.o-r.kr
domain: niws.mysynology.net
domain: nj1oayuy2o.dns.army
domain: nps-load.remotewire.net
domain: nst.mysynology.net
domain: nts-write.remotewire.net
domain: nudoc-check.e639kk.wjyx49u3cu3.dns.army
domain: nusrauth.gleeze.com
domain: passnid.lopm.webredirect.org
domain: puoios.o-r.kr
domain: r461wn14u1.dns.army
domain: support.nst.mysynology.net
domain: tahpuoto94.dns.army
domain: u4bhx3zo39.v6.navy
domain: udoc-nid.freeddns.org
domain: uxk-nid.nps-load.remotewire.net
domain: wjyx49u3cu3.dns.army
domain: x6nnfysecw.v6.navy
domain: xblhfkri2q.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/ebd1000999f6fd3b8a0aa53ae6a24f3ead3e6059
url: https://urlscan.io/result/019e8775-e654-735c-b730-e6f4e64ea3a0
domain: remotewire.net
url: https://api.github.com/repos/stamparm/maltrail/commits/4ce92d25d687727fddae6a2f3d90befd31e9cb11
domain: montgqd.cyou
url: https://api.github.com/repos/stamparm/maltrail/commits/d2932d53a18a83c7beb6bd03c910f4b8694def1b
domain: a93xkcs4y2.v6.army
domain: edoc-mand.dns.army
domain: er-edoc.ezgateway.net
domain: ercmpola21s.dynv6.net
domain: ercmpola41s.dynv6.net
domain: ercmpola64s.dynv6.net
domain: ercmpola75s.dynv6.net
domain: ercmpola77s.dynv6.net
domain: ercmpola79s.dynv6.net
domain: ercmpola87s.dynv6.net
domain: ercmpola8s.dynv6.net
domain: info.edoc-mand.dns.army
domain: naver.cloudbarfbag.com
domain: navs.ncodcoverify.dns.navy
domain: ncodcbcheck.dynv6.net
domain: ncodcjpass.dns.army
domain: ncodcnverify.dns.navy
domain: ncodcoverify.dns.navy
domain: ncodcpcheck.dns.navy
domain: ncodcqverify.dns.navy
domain: ncodctcheck.dns.navy
domain: ncodcuverify.dns.navy
domain: ncodcwcheck.dns.navy
domain: ncodcwpass.dns.navy
domain: ndocmpjjcoz.ntu5invoice.dynu.org
domain: nid.naver.cloudbarfbag.com
domain: nid.ncodcpcheck.dns.navy
domain: nidlogins.ncodcbcheck.dynv6.net
domain: nidlogins.ncodcnverify.dns.navy
domain: nidservers.ntpx13ee.dns.army
domain: npigoji16sv.dns.army
domain: npigoji18sv.dns.army
domain: npigoji8sv.dns.army
domain: npspartyapp0sv.dns.army
domain: ntpx13ee.dns.army
domain: ntpx15ee.dns.army
domain: ntu5invoice.dynu.org
domain: ntxesdoc38s.dynv6.net
domain: nvapptax39s.dynv6.net
domain: nvapptax43s.dynv6.net
domain: tech-nid.z1gd.a93xkcs4y2.v6.army
domain: ywcdrzkqzmo.dns.navy
domain: z1gd.a93xkcs4y2.v6.army
url: https://api.github.com/repos/stamparm/maltrail/commits/11754adcbc99f356fbb36eb23ad1c435c5e52c0a
domain: leeincidiin.com
domain: linkadiin.com
domain: linkjdeen.com
domain: pumpra.fun
url: https://api.github.com/repos/stamparm/maltrail/commits/31e4b1f4184dd909ca5aa6b67073f4873158cf5b
domain: prismrocket.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2e7168e5e4a58762cb1e75e45ea2b84780e791b3
domain: frontsky.top
url: https://api.github.com/repos/stamparm/maltrail/commits/fa7c3046070b232e55c2093ef44da823a0eb95f4
domain: coppervoyager.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2a39fe6a3d9729ab77afc8a54356a3002cdb0a3d
domain: agbnbne.icu
domain: ahjnmt.icu
domain: cdn.qqebna.icu
domain: oojnme.icu
domain: qqerfge.icu
domain: segbnn.icu
domain: ssadfe.icu
domain: uijnne.icu
domain: uyanbn.icu
domain: zeqfge.icu
domain: zzafgeb.icu
url: https://api.github.com/repos/stamparm/maltrail/commits/88c7515411478029b7b9e25064ae0fc167e5ce0e
domain: linomu.com
domain: whiteharvest.top
url: https://api.github.com/repos/stamparm/maltrail/commits/5bc1f6f2261a4c44e82e6d525cd62c1f46e67f1f
domain: dist-ctroy.top
domain: fliqkera.com
domain: goldenvectorlab.top
domain: khaosyn.top
domain: powerjolytia.com
domain: silentmatrix.top
domain: velvetsignal.top
url: https://api.github.com/repos/stamparm/maltrail/commits/cc75c74f9677432fd4a8ef508e87f67e19579b5a
domain: fresicrto.top
domain: gralino.top
url: https://api.github.com/repos/stamparm/maltrail/commits/abe487f0a72ca7339f6f52f11cb14802808f4d6e
domain: alcovemac.com
domain: alcovemac.net
domain: cleanmymacos.net
domain: getmaccy.click
domain: maccyapp.com
domain: maccyapp.net
domain: macrepair.help
url: https://api.github.com/repos/stamparm/maltrail/commits/17697a8a56986c443f68fed2e23b88844b5dcd01
ip: 82.158.88.99
domain: kali.aeyehub.net
url: https://api.github.com/repos/stamparm/maltrail/commits/5af363e25ecccbacc9dbe6f417ff64f72216c210
domain: arcylianquanta.com
domain: austinportapotty.com
domain: drenslio.it.com
domain: nodevarianlabs.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a0d0c89e869c1a7136960acfb421c01fb234c8d1
url: https://x.com/masaomi346/status/2061630833644228967
domain: aspen32.com
url: https://api.github.com/repos/stamparm/maltrail/commits/0585824f4441dbc6b2999f0d809fd2f049ab301a
domain: vodka777bet.com
url: https://api.github.com/repos/stamparm/maltrail/commits/01de6e2e3f1bb28501e447e71035d3d9376f555a
domain: cdn.xviralhub.com
domain: chickroadbet.com
domain: chickroaditalia.com
domain: dapurmanda.com
domain: dbshop.org
domain: dubaimodelscatalog.top
domain: freedyn.net
domain: igromafia.com
domain: igromafia.info
domain: igromafia.org
domain: linkbaba.fun
domain: linkraja.fun
domain: musichub-streampro-70e4870a-5255.omnicoder.app
domain: news.rarib.org
domain: parimatch-review.in
domain: qoob.name
domain: rarib.net
domain: rarib.org
domain: redcity-industries.de
domain: sloturismart.ro
domain: teratube.net
domain: wallspace4k.com
domain: wealthbridgemarkets.com
domain: xviralhub.com
url: https://api.github.com/repos/stamparm/maltrail/commits/c8158acee80c40388685969d59a4ceb9ba5c5e44
domain: 96.wallspacemac.com
domain: filearcticsignal.online
domain: fileblossommeteor.online
domain: filecrystalharbor.online
domain: filegoldenecho.com
domain: fileoceanmachine.online
domain: filepolarfolder.online
domain: fileravenharbor.online
domain: filesilvercomet.com
domain: getmaccy.app
domain: getmaccy.net
domain: gp.macos-wallspace.com
domain: gx.macos-wallspace.net
domain: macos-wallspace.com
domain: macos-wallspace.net
domain: tickerpadapp.com
domain: wallspacemac.com
domain: xo.getmaccy.app
url: https://api.github.com/repos/stamparm/maltrail/commits/d46d1445444e43363c4d90369229392ebcbee42f
domain: dapingceng7788.com
url: https://api.github.com/repos/stamparm/maltrail/commits/9e6358dcb28cac60ef1cd1c0c1746c5e99149356
ip: 178.236.252.62
ip: 185.100.157.12
ip: 185.100.157.14
ip: 193.221.200.111
ip: 193.221.200.230
ip: 45.150.34.115
ip: 77.91.97.121
url: https://api.github.com/repos/stamparm/maltrail/commits/d46913c18ae0e0924bd8ef2ae69926d86fa1dbd2
url: https://x.com/blackorbird/status/2061110101264789983
url: https://www.silentpush.com/blog/drivesurge
url: https://www.virustotal.com/gui/ip-address/178.16.53.137/relations
domain: dnsnewtds.shop
domain: dntds.shop
domain: ntdnewtds.shop
domain: nttdss.shop
domain: sdntds.shop
domain: tdsio.shop
url: https://api.github.com/repos/stamparm/maltrail/commits/6f73256d94ba1dd985417b7d7004e087009eaae7
url: https://www.virustotal.com/gui/file/18af97e74b4461e938ff17bda0a0cbc68780bbca6d1de74b37c80c2afcdc55bb/detection
domain: banerpanel.live
url: https://api.github.com/repos/stamparm/maltrail/commits/dc29cd80cbf40d3991d2877517d482fb5b3c7984
url: https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm
domain: quitethepastry.ru
domain: zsjtn41091.workers.dev
domain: bold.zsjtn41091.workers.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/b282e97d56cb2baffeee5ddafaa6552456670941
url: https://www.virustotal.com/gui/file/7aa15de93cf85729ddf970e8d7897f69ece3ca29608f73e784a9ba40c9cea18d/detection
ip: 147.45.42.205
url: https://api.github.com/repos/stamparm/maltrail/commits/5ba5a00f54fd39d754f8d90a42ed6b0e00289c78
url: https://x.com/blackorbird/status/2061386428559548759
ip: 112.213.116.170
ip: 118.107.24.242
ip: 118.107.24.243
ip: 118.107.32.155
ip: 118.107.40.48
ip: 118.107.47.76
ip: 118.107.47.78
ip: 134.122.183.142
ip: 137.220.229.16
ip: 137.220.229.5
ip: 14.128.50.26
ip: 143.92.48.15
ip: 143.92.52.183
ip: 143.92.53.134
ip: 143.92.53.251
ip: 143.92.56.180
ip: 143.92.56.81
ip: 143.92.56.8
ip: 143.92.57.29
ip: 143.92.63.213
ip: 143.92.63.214
ip: 143.92.63.247
ip: 143.92.63.249
ip: 192.252.176.48
ip: 202.79.168.144
ip: 202.79.168.160
ip: 202.79.171.149
ip: 202.79.174.219
ip: 202.79.175.100
ip: 202.95.11.163
ip: 202.95.11.179
ip: 202.95.14.218
ip: 202.95.14.230
ip: 202.95.14.241
ip: 202.95.14.252
ip: 27.124.12.72
ip: 27.124.17.11
ip: 27.124.17.18
ip: 27.124.2.196
ip: 27.124.2.214
ip: 27.124.20.237
ip: 27.124.20.238
ip: 27.124.34.143
ip: 27.124.34.144
ip: 27.124.41.92
ip: 27.124.42.32
ip: 27.124.42.39
ip: 27.124.42.48
ip: 27.124.42.50
ip: 27.124.42.51
ip: 27.124.45.61
url: https://api.github.com/repos/stamparm/maltrail/commits/71cd5f031360494a554059db26598b50177e655c
domain: 0nwfyg62.onja1bet.com
domain: 1aed1cm5.cloudzone.com.tr
domain: 30tr04n4gr4m4.cndb-jsdelivr-net.christmas
domain: 4iod03t4.eutoor.com
domain: 509ukk9c.enf90.vip
domain: 635k6cma.uniquetilingsa.com.au
domain: 6feq96px.eutoor.com
domain: 7d6da0ri.axee.net
domain: 96mjt1sb.axee.net
domain: 99ytipqf.mayochem.com
domain: 9nwu3map.jetform.football
domain: a0sadcof.ogabbet.com
domain: a1bpvfc4.enfejar2.com
domain: archive-shlyah.digital
domain: byjsjzzd.byte-relay.digital
domain: byte-relay.digital
domain: chernichco5t.digital
domain: cloudzone.tr
domain: cndb-jsdelivr-net.christmas
domain: cw5zuej3.baxus.net
domain: dettyquu.quantum-vault.digital
domain: ef8qorio.latat-long.digital
domain: ff4ekbmd.7lf.net
domain: gfwbeo2g.7lf.net
domain: gnetier6.hegong-tools.com
domain: htcaqoat.universaltyresautos.com.au
domain: i0gxewzq.webuyurcar.com.au
domain: jkxbmyut.latat-long.digital
domain: k5k1f5zd.cloudzone.tr
domain: klga3rph.easyprocode.com
domain: latat-long.digital
domain: mjvdhq4d.destek1.com
domain: o8x1lij5.archive-shlyah.digital
domain: p4nkss83.alsulmicpa.com
domain: pengzsout.christmas
domain: ps10z3qz.eutoor.com
domain: quantum-vault.digital
domain: runtime-foundry.digital
domain: rzdwkgtc.chernichco5t.digital
domain: s61j30vp.snugglebloom.com.au
domain: sax166rh.funkboi.com
domain: udyvsthy.quantum-vault.digital
domain: vekdf8au.srlashnbrow.com.au
url: https://api.github.com/repos/stamparm/maltrail/commits/214c4a9a78d395e4b62aa1158fc589aa9b392e4c
domain: hdkskwkwgg.shop
domain: hdkskwkwgg.today
url: https://api.github.com/repos/stamparm/maltrail/commits/dd03aece78b9dafbcc376e5d1e148c0dcc7984ff
ip: 209.99.184.44
ip: 45.225.135.25
ip: 85.192.38.178
url: https://api.github.com/repos/stamparm/maltrail/commits/186a2e23e83358c7c3ee3de84b044c3ce70ce689
url: https://api.github.com/repos/stamparm/maltrail/commits/abf28baf4dcb0eed7b9fd2ad23dbc2df76e903eb
url: https://x.com/malwrhunterteam/status/2061777691758498296
url: https://www.virustotal.com/gui/file/c3fa88eaee2c12c7b17812184d9f6cdf570275e88ab096d909cddf2a82d04257/detection
domain: larpers.fun
domain: api.larpers.fun
url: https://api.github.com/repos/stamparm/maltrail/commits/45025da4faba7652cb3f08155b5b7ab65d744f4c
domain: hdkskwkwgg.auction
domain: hdkskwkwgg.autos
domain: hdkskwkwgg.boats
domain: hdkskwkwgg.bond
domain: hdkskwkwgg.business
domain: hdkskwkwgg.digital
domain: hdkskwkwgg.life
domain: hdkskwkwgg.live
domain: hdkskwkwgg.online
domain: hdkskwkwgg.quest
domain: hdkskwkwgg.sbs
domain: hdkskwkwgg.space
domain: hdkskwkwgg.surf
domain: hdkskwkwgg.top
domain: hdkskwkwgg.watch
domain: hdkskwkwgg.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/49df0b606ac2232022e961f75dc46acc0373bf9e
url: https://www.virustotal.com/gui/ip-address/45.140.204.42/relations
domain: applicat-download.top
url: https://api.github.com/repos/stamparm/maltrail/commits/b5e3e1e6f98e7fb159c102a8d4f504d9cf55a10a
url: https://x.com/suyog41/status/2061790546935636086
url: https://www.virustotal.com/gui/file/af99ae281b7afe9a8e7d1496fd2bc98b2ad7e9bbfac2617184ddc30ec3b541ea/detection
domain: update-installer.com
url: https://api.github.com/repos/stamparm/maltrail/commits/21b0e0c078d25c16e709a1c8c071e9a8267d83a7
ip: 185.235.137.106
url: https://api.github.com/repos/stamparm/maltrail/commits/d9843546bd670d228db9a209e1db6ab4b1531340
url: https://www.seqrite.com/blog/operation-xenofiscal-sidecopy-deploying-persistent-xenorat-targeting-the-mof-afghanistan
url: https://www.virustotal.com/gui/file/efeaa796fbbfc78472dab466b09406aa23be197f39074c964490c89066afaf7e/detection
url: https://www.virustotal.com/gui/file/99127c8c67d90e2776beeb85281f9c68399bf4567b07a6b638d68b760212e88d/detection
domain: abimj.edu.af
url: https://api.github.com/repos/stamparm/maltrail/commits/f582ccc6e0115c2c991b36a59a12af44bbf9ad06
url: https://x.com/Fact_Finder03/status/2061731618809880922
url: https://x.com/moneroon/status/2061748687487770769
url: https://www.virustotal.com/gui/ip-address/80.91.79.189/relations
url: https://www.virustotal.com/gui/file/c1a89655910530e47a6707286c83d8e8c944cdd0076d7f6dc50556fc6fff6978/detection
domain: notvaporhack.cc
domain: vaporhack.cc
domain: matrix.notvaporhack.cc
domain: remote.vaporhack.cc
domain: z.vaporhack.cc
url: https://api.github.com/repos/stamparm/maltrail/commits/ec9409e19e262353c109346a9b07cfd24ec028d1
ip: 38.91.104.111
domain: titanicservice.net
domain: nathiaibot.chickenkiller.com
url: https://api.github.com/repos/stamparm/maltrail/commits/9b2624177f3904363e10d524219f9e2691957d24
domain: betalegenda.cfd
domain: biletors.cfd
domain: bistrolord.lat
domain: krolikrojer.lat
domain: lenders.digital
domain: marinaradom.cfd
domain: mavpaprokla.lat
domain: megamegalodon.click
domain: smackit.lat
domain: spartanec.lat

Maltrail IOC for 2026-06-02

Severity: medium

Type: malware

Maltrail IOC for 2026-06-02

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

url: https://api.github.com/repos/stamparm/maltrail/commits/f04e78fc9e109400f740b2e34c86ad5630c7048a
domain: 0jr87375qt.v6.navy
domain: 2ecy51395u.v6.navy
domain: b8fq9189g6.dns.navy
domain: confirm1.moois-nid.remotewire.net
domain: cxmfcubfnq.dns.navy
domain: diaxwn61lp.dynv6.net
domain: dns-setup.remotewire.net
domain: e639kk.wjyx49u3cu3.dns.army
domain: egbzqa25gw.v6.navy
domain: health-doc.giize.com
domain: info.dns-setup.remotewire.net
domain: ip-cloud.theworkpc.com
domain: ips-doc.webredirect.org
domain: ips.dynuddns.net
domain: ispd.nts-write.remotewire.net
domain: jbyaa6xotk.v6.army
domain: lopm.webredirect.org
domain: mois-doc.roxa.org
domain: mois.mytunnel.org
domain: moois-nid.remotewire.net
domain: ms-cloud.ezgateway.net
domain: mybox.camdvr.org
domain: n-corp.hets12ex.dns.army
domain: n2gdnw08p4.dns.navy
domain: nav-log.moois-nid.remotewire.net
domain: naver.mywire.org
domain: ncodcnpass.dns.navy
domain: nd8f3lxih4.v6.navy
domain: ndoc.nid-sign.opik.net
domain: nid-nver.mybox.camdvr.org
domain: nid-sign.opik.net
domain: nid.ips-doc.webredirect.org
domain: nid.naver.mywire.org
domain: nid.ncodcnpass.dns.navy
domain: nid.nid-sign.opik.net
domain: nid.niws.mysynology.net
domain: nid.puoios.o-r.kr
domain: niws.mysynology.net
domain: nj1oayuy2o.dns.army
domain: nps-load.remotewire.net
domain: nst.mysynology.net
domain: nts-write.remotewire.net
domain: nudoc-check.e639kk.wjyx49u3cu3.dns.army
domain: nusrauth.gleeze.com
domain: passnid.lopm.webredirect.org
domain: puoios.o-r.kr
domain: r461wn14u1.dns.army
domain: support.nst.mysynology.net
domain: tahpuoto94.dns.army
domain: u4bhx3zo39.v6.navy
domain: udoc-nid.freeddns.org
domain: uxk-nid.nps-load.remotewire.net
domain: wjyx49u3cu3.dns.army
domain: x6nnfysecw.v6.navy
domain: xblhfkri2q.dns.army
url: https://api.github.com/repos/stamparm/maltrail/commits/ebd1000999f6fd3b8a0aa53ae6a24f3ead3e6059
url: https://urlscan.io/result/019e8775-e654-735c-b730-e6f4e64ea3a0
domain: remotewire.net
url: https://api.github.com/repos/stamparm/maltrail/commits/4ce92d25d687727fddae6a2f3d90befd31e9cb11
domain: montgqd.cyou
url: https://api.github.com/repos/stamparm/maltrail/commits/d2932d53a18a83c7beb6bd03c910f4b8694def1b
domain: a93xkcs4y2.v6.army
domain: edoc-mand.dns.army
domain: er-edoc.ezgateway.net
domain: ercmpola21s.dynv6.net
domain: ercmpola41s.dynv6.net
domain: ercmpola64s.dynv6.net
domain: ercmpola75s.dynv6.net
domain: ercmpola77s.dynv6.net
domain: ercmpola79s.dynv6.net
domain: ercmpola87s.dynv6.net
domain: ercmpola8s.dynv6.net
domain: info.edoc-mand.dns.army
domain: naver.cloudbarfbag.com
domain: navs.ncodcoverify.dns.navy
domain: ncodcbcheck.dynv6.net
domain: ncodcjpass.dns.army
domain: ncodcnverify.dns.navy
domain: ncodcoverify.dns.navy
domain: ncodcpcheck.dns.navy
domain: ncodcqverify.dns.navy
domain: ncodctcheck.dns.navy
domain: ncodcuverify.dns.navy
domain: ncodcwcheck.dns.navy
domain: ncodcwpass.dns.navy
domain: ndocmpjjcoz.ntu5invoice.dynu.org
domain: nid.naver.cloudbarfbag.com
domain: nid.ncodcpcheck.dns.navy
domain: nidlogins.ncodcbcheck.dynv6.net
domain: nidlogins.ncodcnverify.dns.navy
domain: nidservers.ntpx13ee.dns.army
domain: npigoji16sv.dns.army
domain: npigoji18sv.dns.army
domain: npigoji8sv.dns.army
domain: npspartyapp0sv.dns.army
domain: ntpx13ee.dns.army
domain: ntpx15ee.dns.army
domain: ntu5invoice.dynu.org
domain: ntxesdoc38s.dynv6.net
domain: nvapptax39s.dynv6.net
domain: nvapptax43s.dynv6.net
domain: tech-nid.z1gd.a93xkcs4y2.v6.army
domain: ywcdrzkqzmo.dns.navy
domain: z1gd.a93xkcs4y2.v6.army
url: https://api.github.com/repos/stamparm/maltrail/commits/11754adcbc99f356fbb36eb23ad1c435c5e52c0a
domain: leeincidiin.com
domain: linkadiin.com
domain: linkjdeen.com
domain: pumpra.fun
url: https://api.github.com/repos/stamparm/maltrail/commits/31e4b1f4184dd909ca5aa6b67073f4873158cf5b
domain: prismrocket.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2e7168e5e4a58762cb1e75e45ea2b84780e791b3
domain: frontsky.top
url: https://api.github.com/repos/stamparm/maltrail/commits/fa7c3046070b232e55c2093ef44da823a0eb95f4
domain: coppervoyager.top
url: https://api.github.com/repos/stamparm/maltrail/commits/2a39fe6a3d9729ab77afc8a54356a3002cdb0a3d
domain: agbnbne.icu
domain: ahjnmt.icu
domain: cdn.qqebna.icu
domain: oojnme.icu
domain: qqerfge.icu
domain: segbnn.icu
domain: ssadfe.icu
domain: uijnne.icu
domain: uyanbn.icu
domain: zeqfge.icu
domain: zzafgeb.icu
url: https://api.github.com/repos/stamparm/maltrail/commits/88c7515411478029b7b9e25064ae0fc167e5ce0e
domain: linomu.com
domain: whiteharvest.top
url: https://api.github.com/repos/stamparm/maltrail/commits/5bc1f6f2261a4c44e82e6d525cd62c1f46e67f1f
domain: dist-ctroy.top
domain: fliqkera.com
domain: goldenvectorlab.top
domain: khaosyn.top
domain: powerjolytia.com
domain: silentmatrix.top
domain: velvetsignal.top
url: https://api.github.com/repos/stamparm/maltrail/commits/cc75c74f9677432fd4a8ef508e87f67e19579b5a
domain: fresicrto.top
domain: gralino.top
url: https://api.github.com/repos/stamparm/maltrail/commits/abe487f0a72ca7339f6f52f11cb14802808f4d6e
domain: alcovemac.com
domain: alcovemac.net
domain: cleanmymacos.net
domain: getmaccy.click
domain: maccyapp.com
domain: maccyapp.net
domain: macrepair.help
url: https://api.github.com/repos/stamparm/maltrail/commits/17697a8a56986c443f68fed2e23b88844b5dcd01
ip: 82.158.88.99
domain: kali.aeyehub.net
url: https://api.github.com/repos/stamparm/maltrail/commits/5af363e25ecccbacc9dbe6f417ff64f72216c210
domain: arcylianquanta.com
domain: austinportapotty.com
domain: drenslio.it.com
domain: nodevarianlabs.com
url: https://api.github.com/repos/stamparm/maltrail/commits/a0d0c89e869c1a7136960acfb421c01fb234c8d1
url: https://x.com/masaomi346/status/2061630833644228967
domain: aspen32.com
url: https://api.github.com/repos/stamparm/maltrail/commits/0585824f4441dbc6b2999f0d809fd2f049ab301a
domain: vodka777bet.com
url: https://api.github.com/repos/stamparm/maltrail/commits/01de6e2e3f1bb28501e447e71035d3d9376f555a
domain: cdn.xviralhub.com
domain: chickroadbet.com
domain: chickroaditalia.com
domain: dapurmanda.com
domain: dbshop.org
domain: dubaimodelscatalog.top
domain: freedyn.net
domain: igromafia.com
domain: igromafia.info
domain: igromafia.org
domain: linkbaba.fun
domain: linkraja.fun
domain: musichub-streampro-70e4870a-5255.omnicoder.app
domain: news.rarib.org
domain: parimatch-review.in
domain: qoob.name
domain: rarib.net
domain: rarib.org
domain: redcity-industries.de
domain: sloturismart.ro
domain: teratube.net
domain: wallspace4k.com
domain: wealthbridgemarkets.com
domain: xviralhub.com
url: https://api.github.com/repos/stamparm/maltrail/commits/c8158acee80c40388685969d59a4ceb9ba5c5e44
domain: 96.wallspacemac.com
domain: filearcticsignal.online
domain: fileblossommeteor.online
domain: filecrystalharbor.online
domain: filegoldenecho.com
domain: fileoceanmachine.online
domain: filepolarfolder.online
domain: fileravenharbor.online
domain: filesilvercomet.com
domain: getmaccy.app
domain: getmaccy.net
domain: gp.macos-wallspace.com
domain: gx.macos-wallspace.net
domain: macos-wallspace.com
domain: macos-wallspace.net
domain: tickerpadapp.com
domain: wallspacemac.com
domain: xo.getmaccy.app
url: https://api.github.com/repos/stamparm/maltrail/commits/d46d1445444e43363c4d90369229392ebcbee42f
domain: dapingceng7788.com
url: https://api.github.com/repos/stamparm/maltrail/commits/9e6358dcb28cac60ef1cd1c0c1746c5e99149356
ip: 178.236.252.62
ip: 185.100.157.12
ip: 185.100.157.14
ip: 193.221.200.111
ip: 193.221.200.230
ip: 45.150.34.115
ip: 77.91.97.121
url: https://api.github.com/repos/stamparm/maltrail/commits/d46913c18ae0e0924bd8ef2ae69926d86fa1dbd2
url: https://x.com/blackorbird/status/2061110101264789983
url: https://www.silentpush.com/blog/drivesurge
url: https://www.virustotal.com/gui/ip-address/178.16.53.137/relations
domain: dnsnewtds.shop
domain: dntds.shop
domain: ntdnewtds.shop
domain: nttdss.shop
domain: sdntds.shop
domain: tdsio.shop
url: https://api.github.com/repos/stamparm/maltrail/commits/6f73256d94ba1dd985417b7d7004e087009eaae7
url: https://www.virustotal.com/gui/file/18af97e74b4461e938ff17bda0a0cbc68780bbca6d1de74b37c80c2afcdc55bb/detection
domain: banerpanel.live
url: https://api.github.com/repos/stamparm/maltrail/commits/dc29cd80cbf40d3991d2877517d482fb5b3c7984
url: https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm
domain: quitethepastry.ru
domain: zsjtn41091.workers.dev
domain: bold.zsjtn41091.workers.dev
url: https://api.github.com/repos/stamparm/maltrail/commits/b282e97d56cb2baffeee5ddafaa6552456670941
url: https://www.virustotal.com/gui/file/7aa15de93cf85729ddf970e8d7897f69ece3ca29608f73e784a9ba40c9cea18d/detection
ip: 147.45.42.205
url: https://api.github.com/repos/stamparm/maltrail/commits/5ba5a00f54fd39d754f8d90a42ed6b0e00289c78
url: https://x.com/blackorbird/status/2061386428559548759
ip: 112.213.116.170
ip: 118.107.24.242
ip: 118.107.24.243
ip: 118.107.32.155
ip: 118.107.40.48
ip: 118.107.47.76
ip: 118.107.47.78
ip: 134.122.183.142
ip: 137.220.229.16
ip: 137.220.229.5
ip: 14.128.50.26
ip: 143.92.48.15
ip: 143.92.52.183
ip: 143.92.53.134
ip: 143.92.53.251
ip: 143.92.56.180
ip: 143.92.56.81
ip: 143.92.56.8
ip: 143.92.57.29
ip: 143.92.63.213
ip: 143.92.63.214
ip: 143.92.63.247
ip: 143.92.63.249
ip: 192.252.176.48
ip: 202.79.168.144
ip: 202.79.168.160
ip: 202.79.171.149
ip: 202.79.174.219
ip: 202.79.175.100
ip: 202.95.11.163
ip: 202.95.11.179
ip: 202.95.14.218
ip: 202.95.14.230
ip: 202.95.14.241
ip: 202.95.14.252
ip: 27.124.12.72
ip: 27.124.17.11
ip: 27.124.17.18
ip: 27.124.2.196
ip: 27.124.2.214
ip: 27.124.20.237
ip: 27.124.20.238
ip: 27.124.34.143
ip: 27.124.34.144
ip: 27.124.41.92
ip: 27.124.42.32
ip: 27.124.42.39
ip: 27.124.42.48
ip: 27.124.42.50
ip: 27.124.42.51
ip: 27.124.45.61
url: https://api.github.com/repos/stamparm/maltrail/commits/71cd5f031360494a554059db26598b50177e655c
domain: 0nwfyg62.onja1bet.com
domain: 1aed1cm5.cloudzone.com.tr
domain: 30tr04n4gr4m4.cndb-jsdelivr-net.christmas
domain: 4iod03t4.eutoor.com
domain: 509ukk9c.enf90.vip
domain: 635k6cma.uniquetilingsa.com.au
domain: 6feq96px.eutoor.com
domain: 7d6da0ri.axee.net
domain: 96mjt1sb.axee.net
domain: 99ytipqf.mayochem.com
domain: 9nwu3map.jetform.football
domain: a0sadcof.ogabbet.com
domain: a1bpvfc4.enfejar2.com
domain: archive-shlyah.digital
domain: byjsjzzd.byte-relay.digital
domain: byte-relay.digital
domain: chernichco5t.digital
domain: cloudzone.tr
domain: cndb-jsdelivr-net.christmas
domain: cw5zuej3.baxus.net
domain: dettyquu.quantum-vault.digital
domain: ef8qorio.latat-long.digital
domain: ff4ekbmd.7lf.net
domain: gfwbeo2g.7lf.net
domain: gnetier6.hegong-tools.com
domain: htcaqoat.universaltyresautos.com.au
domain: i0gxewzq.webuyurcar.com.au
domain: jkxbmyut.latat-long.digital
domain: k5k1f5zd.cloudzone.tr
domain: klga3rph.easyprocode.com
domain: latat-long.digital
domain: mjvdhq4d.destek1.com
domain: o8x1lij5.archive-shlyah.digital
domain: p4nkss83.alsulmicpa.com
domain: pengzsout.christmas
domain: ps10z3qz.eutoor.com
domain: quantum-vault.digital
domain: runtime-foundry.digital
domain: rzdwkgtc.chernichco5t.digital
domain: s61j30vp.snugglebloom.com.au
domain: sax166rh.funkboi.com
domain: udyvsthy.quantum-vault.digital
domain: vekdf8au.srlashnbrow.com.au
url: https://api.github.com/repos/stamparm/maltrail/commits/214c4a9a78d395e4b62aa1158fc589aa9b392e4c
domain: hdkskwkwgg.shop
domain: hdkskwkwgg.today
url: https://api.github.com/repos/stamparm/maltrail/commits/dd03aece78b9dafbcc376e5d1e148c0dcc7984ff
ip: 209.99.184.44
ip: 45.225.135.25
ip: 85.192.38.178
url: https://api.github.com/repos/stamparm/maltrail/commits/186a2e23e83358c7c3ee3de84b044c3ce70ce689
url: https://api.github.com/repos/stamparm/maltrail/commits/abf28baf4dcb0eed7b9fd2ad23dbc2df76e903eb
url: https://x.com/malwrhunterteam/status/2061777691758498296
url: https://www.virustotal.com/gui/file/c3fa88eaee2c12c7b17812184d9f6cdf570275e88ab096d909cddf2a82d04257/detection
domain: larpers.fun
domain: api.larpers.fun
url: https://api.github.com/repos/stamparm/maltrail/commits/45025da4faba7652cb3f08155b5b7ab65d744f4c
domain: hdkskwkwgg.auction
domain: hdkskwkwgg.autos
domain: hdkskwkwgg.boats
domain: hdkskwkwgg.bond
domain: hdkskwkwgg.business
domain: hdkskwkwgg.digital
domain: hdkskwkwgg.life
domain: hdkskwkwgg.live
domain: hdkskwkwgg.online
domain: hdkskwkwgg.quest
domain: hdkskwkwgg.sbs
domain: hdkskwkwgg.space
domain: hdkskwkwgg.surf
domain: hdkskwkwgg.top
domain: hdkskwkwgg.watch
domain: hdkskwkwgg.xyz
url: https://api.github.com/repos/stamparm/maltrail/commits/49df0b606ac2232022e961f75dc46acc0373bf9e
url: https://www.virustotal.com/gui/ip-address/45.140.204.42/relations
domain: applicat-download.top
url: https://api.github.com/repos/stamparm/maltrail/commits/b5e3e1e6f98e7fb159c102a8d4f504d9cf55a10a
url: https://x.com/suyog41/status/2061790546935636086
url: https://www.virustotal.com/gui/file/af99ae281b7afe9a8e7d1496fd2bc98b2ad7e9bbfac2617184ddc30ec3b541ea/detection
domain: update-installer.com
url: https://api.github.com/repos/stamparm/maltrail/commits/21b0e0c078d25c16e709a1c8c071e9a8267d83a7
ip: 185.235.137.106
url: https://api.github.com/repos/stamparm/maltrail/commits/d9843546bd670d228db9a209e1db6ab4b1531340
url: https://www.seqrite.com/blog/operation-xenofiscal-sidecopy-deploying-persistent-xenorat-targeting-the-mof-afghanistan
url: https://www.virustotal.com/gui/file/efeaa796fbbfc78472dab466b09406aa23be197f39074c964490c89066afaf7e/detection
url: https://www.virustotal.com/gui/file/99127c8c67d90e2776beeb85281f9c68399bf4567b07a6b638d68b760212e88d/detection
domain: abimj.edu.af
url: https://api.github.com/repos/stamparm/maltrail/commits/f582ccc6e0115c2c991b36a59a12af44bbf9ad06
url: https://x.com/Fact_Finder03/status/2061731618809880922
url: https://x.com/moneroon/status/2061748687487770769
url: https://www.virustotal.com/gui/ip-address/80.91.79.189/relations
url: https://www.virustotal.com/gui/file/c1a89655910530e47a6707286c83d8e8c944cdd0076d7f6dc50556fc6fff6978/detection
domain: notvaporhack.cc
domain: vaporhack.cc
domain: matrix.notvaporhack.cc
domain: remote.vaporhack.cc
domain: z.vaporhack.cc
url: https://api.github.com/repos/stamparm/maltrail/commits/ec9409e19e262353c109346a9b07cfd24ec028d1
ip: 38.91.104.111
domain: titanicservice.net
domain: nathiaibot.chickenkiller.com
url: https://api.github.com/repos/stamparm/maltrail/commits/9b2624177f3904363e10d524219f9e2691957d24
domain: betalegenda.cfd
domain: biletors.cfd
domain: bistrolord.lat
domain: krolikrojer.lat
domain: lenders.digital
domain: marinaradom.cfd
domain: mavpaprokla.lat
domain: megamegalodon.click
domain: smackit.lat
domain: spartanec.lat

Source: CIRCL OSINT Feed

Published: Mon Jun 01 2026

Maltrail IOC for 2026-06-02

Medium

Malwaretlp:clear malware misp:threat-level="medium-risk"misp:event-type="observation"misp:automation-level="unsupervised"type:osint osint:lifetime="perpetual"osint:source-type="manual-collection"

Published: Mon Jun 01 2026 (06/01/2026, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Description

Maltrail IOC for 2026-06-02

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/02/2026, 17:03:29 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid: 87f831ba-5e47-4210-b79a-d733f70f4a00
Original Timestamp: 1780416010

Indicators of Compromise

Url

Value	Description	Copy
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f04e78fc9e109400f740b2e34c86ad5630c7048a	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ebd1000999f6fd3b8a0aa53ae6a24f3ead3e6059	dynamic_domain
urlhttps://urlscan.io/result/019e8775-e654-735c-b730-e6f4e64ea3a0	dynamic_domain
urlhttps://api.github.com/repos/stamparm/maltrail/commits/4ce92d25d687727fddae6a2f3d90befd31e9cb11	lummac2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d2932d53a18a83c7beb6bd03c910f4b8694def1b	apt_kimsuky
urlhttps://api.github.com/repos/stamparm/maltrail/commits/11754adcbc99f356fbb36eb23ad1c435c5e52c0a	osx_nova
urlhttps://api.github.com/repos/stamparm/maltrail/commits/31e4b1f4184dd909ca5aa6b67073f4873158cf5b	ek_zphp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2e7168e5e4a58762cb1e75e45ea2b84780e791b3	ek_zphp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/fa7c3046070b232e55c2093ef44da823a0eb95f4	ek_zphp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/2a39fe6a3d9729ab77afc8a54356a3002cdb0a3d	android_fvncbot
urlhttps://api.github.com/repos/stamparm/maltrail/commits/88c7515411478029b7b9e25064ae0fc167e5ce0e	ek_zphp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5bc1f6f2261a4c44e82e6d525cd62c1f46e67f1f	ek_zphp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/cc75c74f9677432fd4a8ef508e87f67e19579b5a	ek_zphp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/abe487f0a72ca7339f6f52f11cb14802808f4d6e	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/17697a8a56986c443f68fed2e23b88844b5dcd01	cyberstrikeai
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5af363e25ecccbacc9dbe6f417ff64f72216c210	apt_unc2465
urlhttps://api.github.com/repos/stamparm/maltrail/commits/a0d0c89e869c1a7136960acfb421c01fb234c8d1	osx_atomic
urlhttps://x.com/masaomi346/status/2061630833644228967	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/0585824f4441dbc6b2999f0d809fd2f049ab301a	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/01de6e2e3f1bb28501e447e71035d3d9376f555a	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/c8158acee80c40388685969d59a4ceb9ba5c5e44	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d46d1445444e43363c4d90369229392ebcbee42f	adaptix_c2
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9e6358dcb28cac60ef1cd1c0c1746c5e99149356	bad_service
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d46913c18ae0e0924bd8ef2ae69926d86fa1dbd2	z_tds
urlhttps://x.com/blackorbird/status/2061110101264789983	z_tds
urlhttps://www.silentpush.com/blog/drivesurge	z_tds
urlhttps://www.virustotal.com/gui/ip-address/178.16.53.137/relations	z_tds
urlhttps://api.github.com/repos/stamparm/maltrail/commits/6f73256d94ba1dd985417b7d7004e087009eaae7	—
urlhttps://www.virustotal.com/gui/file/18af97e74b4461e938ff17bda0a0cbc68780bbca6d1de74b37c80c2afcdc55bb/detection	—
urlhttps://api.github.com/repos/stamparm/maltrail/commits/dc29cd80cbf40d3991d2877517d482fb5b3c7984	—
urlhttps://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm	—
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b282e97d56cb2baffeee5ddafaa6552456670941	osx_generic
urlhttps://www.virustotal.com/gui/file/7aa15de93cf85729ddf970e8d7897f69ece3ca29608f73e784a9ba40c9cea18d/detection	osx_generic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/5ba5a00f54fd39d754f8d90a42ed6b0e00289c78	rogue_dns
urlhttps://x.com/blackorbird/status/2061386428559548759	rogue_dns
urlhttps://api.github.com/repos/stamparm/maltrail/commits/71cd5f031360494a554059db26598b50177e655c	—
urlhttps://api.github.com/repos/stamparm/maltrail/commits/214c4a9a78d395e4b62aa1158fc589aa9b392e4c	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/dd03aece78b9dafbcc376e5d1e148c0dcc7984ff	generic_stealer
urlhttps://api.github.com/repos/stamparm/maltrail/commits/186a2e23e83358c7c3ee3de84b044c3ce70ce689	fakeapp
urlhttps://api.github.com/repos/stamparm/maltrail/commits/abf28baf4dcb0eed7b9fd2ad23dbc2df76e903eb	generic_stealer
urlhttps://x.com/malwrhunterteam/status/2061777691758498296	generic_stealer
urlhttps://www.virustotal.com/gui/file/c3fa88eaee2c12c7b17812184d9f6cdf570275e88ab096d909cddf2a82d04257/detection	generic_stealer
urlhttps://api.github.com/repos/stamparm/maltrail/commits/45025da4faba7652cb3f08155b5b7ab65d744f4c	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/49df0b606ac2232022e961f75dc46acc0373bf9e	osx_atomic
urlhttps://www.virustotal.com/gui/ip-address/45.140.204.42/relations	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/b5e3e1e6f98e7fb159c102a8d4f504d9cf55a10a	osx_atomic
urlhttps://x.com/suyog41/status/2061790546935636086	osx_atomic
urlhttps://www.virustotal.com/gui/file/af99ae281b7afe9a8e7d1496fd2bc98b2ad7e9bbfac2617184ddc30ec3b541ea/detection	osx_atomic
urlhttps://api.github.com/repos/stamparm/maltrail/commits/21b0e0c078d25c16e709a1c8c071e9a8267d83a7	xenorat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/d9843546bd670d228db9a209e1db6ab4b1531340	xenorat
urlhttps://www.seqrite.com/blog/operation-xenofiscal-sidecopy-deploying-persistent-xenorat-targeting-the-mof-afghanistan	xenorat
urlhttps://www.virustotal.com/gui/file/efeaa796fbbfc78472dab466b09406aa23be197f39074c964490c89066afaf7e/detection	xenorat
urlhttps://www.virustotal.com/gui/file/99127c8c67d90e2776beeb85281f9c68399bf4567b07a6b638d68b760212e88d/detection	xenorat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/f582ccc6e0115c2c991b36a59a12af44bbf9ad06	minecraftrat
urlhttps://x.com/Fact_Finder03/status/2061731618809880922	minecraftrat
urlhttps://x.com/moneroon/status/2061748687487770769	minecraftrat
urlhttps://www.virustotal.com/gui/ip-address/80.91.79.189/relations	minecraftrat
urlhttps://www.virustotal.com/gui/file/c1a89655910530e47a6707286c83d8e8c944cdd0076d7f6dc50556fc6fff6978/detection	minecraftrat
urlhttps://api.github.com/repos/stamparm/maltrail/commits/ec9409e19e262353c109346a9b07cfd24ec028d1	generic_stealer
urlhttps://api.github.com/repos/stamparm/maltrail/commits/9b2624177f3904363e10d524219f9e2691957d24	fakeapp

Domain

Value	Description	Copy
domain0jr87375qt.v6.navy	apt_kimsuky
domain2ecy51395u.v6.navy	apt_kimsuky
domainb8fq9189g6.dns.navy	apt_kimsuky
domainconfirm1.moois-nid.remotewire.net	apt_kimsuky
domaincxmfcubfnq.dns.navy	apt_kimsuky
domaindiaxwn61lp.dynv6.net	apt_kimsuky
domaindns-setup.remotewire.net	apt_kimsuky
domaine639kk.wjyx49u3cu3.dns.army	apt_kimsuky
domainegbzqa25gw.v6.navy	apt_kimsuky
domainhealth-doc.giize.com	apt_kimsuky
domaininfo.dns-setup.remotewire.net	apt_kimsuky
domainip-cloud.theworkpc.com	apt_kimsuky
domainips-doc.webredirect.org	apt_kimsuky
domainips.dynuddns.net	apt_kimsuky
domainispd.nts-write.remotewire.net	apt_kimsuky
domainjbyaa6xotk.v6.army	apt_kimsuky
domainlopm.webredirect.org	apt_kimsuky
domainmois-doc.roxa.org	apt_kimsuky
domainmois.mytunnel.org	apt_kimsuky
domainmoois-nid.remotewire.net	apt_kimsuky
domainms-cloud.ezgateway.net	apt_kimsuky
domainmybox.camdvr.org	apt_kimsuky
domainn-corp.hets12ex.dns.army	apt_kimsuky
domainn2gdnw08p4.dns.navy	apt_kimsuky
domainnav-log.moois-nid.remotewire.net	apt_kimsuky
domainnaver.mywire.org	apt_kimsuky
domainncodcnpass.dns.navy	apt_kimsuky
domainnd8f3lxih4.v6.navy	apt_kimsuky
domainndoc.nid-sign.opik.net	apt_kimsuky
domainnid-nver.mybox.camdvr.org	apt_kimsuky
domainnid-sign.opik.net	apt_kimsuky
domainnid.ips-doc.webredirect.org	apt_kimsuky
domainnid.naver.mywire.org	apt_kimsuky
domainnid.ncodcnpass.dns.navy	apt_kimsuky
domainnid.nid-sign.opik.net	apt_kimsuky
domainnid.niws.mysynology.net	apt_kimsuky
domainnid.puoios.o-r.kr	apt_kimsuky
domainniws.mysynology.net	apt_kimsuky
domainnj1oayuy2o.dns.army	apt_kimsuky
domainnps-load.remotewire.net	apt_kimsuky
domainnst.mysynology.net	apt_kimsuky
domainnts-write.remotewire.net	apt_kimsuky
domainnudoc-check.e639kk.wjyx49u3cu3.dns.army	apt_kimsuky
domainnusrauth.gleeze.com	apt_kimsuky
domainpassnid.lopm.webredirect.org	apt_kimsuky
domainpuoios.o-r.kr	apt_kimsuky
domainr461wn14u1.dns.army	apt_kimsuky
domainsupport.nst.mysynology.net	apt_kimsuky
domaintahpuoto94.dns.army	apt_kimsuky
domainu4bhx3zo39.v6.navy	apt_kimsuky
domainudoc-nid.freeddns.org	apt_kimsuky
domainuxk-nid.nps-load.remotewire.net	apt_kimsuky
domainwjyx49u3cu3.dns.army	apt_kimsuky
domainx6nnfysecw.v6.navy	apt_kimsuky
domainxblhfkri2q.dns.army	apt_kimsuky
domainremotewire.net	dynamic_domain
domainmontgqd.cyou	lummac2
domaina93xkcs4y2.v6.army	apt_kimsuky
domainedoc-mand.dns.army	apt_kimsuky
domainer-edoc.ezgateway.net	apt_kimsuky
domainercmpola21s.dynv6.net	apt_kimsuky
domainercmpola41s.dynv6.net	apt_kimsuky
domainercmpola64s.dynv6.net	apt_kimsuky
domainercmpola75s.dynv6.net	apt_kimsuky
domainercmpola77s.dynv6.net	apt_kimsuky
domainercmpola79s.dynv6.net	apt_kimsuky
domainercmpola87s.dynv6.net	apt_kimsuky
domainercmpola8s.dynv6.net	apt_kimsuky
domaininfo.edoc-mand.dns.army	apt_kimsuky
domainnaver.cloudbarfbag.com	apt_kimsuky
domainnavs.ncodcoverify.dns.navy	apt_kimsuky
domainncodcbcheck.dynv6.net	apt_kimsuky
domainncodcjpass.dns.army	apt_kimsuky
domainncodcnverify.dns.navy	apt_kimsuky
domainncodcoverify.dns.navy	apt_kimsuky
domainncodcpcheck.dns.navy	apt_kimsuky
domainncodcqverify.dns.navy	apt_kimsuky
domainncodctcheck.dns.navy	apt_kimsuky
domainncodcuverify.dns.navy	apt_kimsuky
domainncodcwcheck.dns.navy	apt_kimsuky
domainncodcwpass.dns.navy	apt_kimsuky
domainndocmpjjcoz.ntu5invoice.dynu.org	apt_kimsuky
domainnid.naver.cloudbarfbag.com	apt_kimsuky
domainnid.ncodcpcheck.dns.navy	apt_kimsuky
domainnidlogins.ncodcbcheck.dynv6.net	apt_kimsuky
domainnidlogins.ncodcnverify.dns.navy	apt_kimsuky
domainnidservers.ntpx13ee.dns.army	apt_kimsuky
domainnpigoji16sv.dns.army	apt_kimsuky
domainnpigoji18sv.dns.army	apt_kimsuky
domainnpigoji8sv.dns.army	apt_kimsuky
domainnpspartyapp0sv.dns.army	apt_kimsuky
domainntpx13ee.dns.army	apt_kimsuky
domainntpx15ee.dns.army	apt_kimsuky
domainntu5invoice.dynu.org	apt_kimsuky
domainntxesdoc38s.dynv6.net	apt_kimsuky
domainnvapptax39s.dynv6.net	apt_kimsuky
domainnvapptax43s.dynv6.net	apt_kimsuky
domaintech-nid.z1gd.a93xkcs4y2.v6.army	apt_kimsuky
domainywcdrzkqzmo.dns.navy	apt_kimsuky
domainz1gd.a93xkcs4y2.v6.army	apt_kimsuky
domainleeincidiin.com	osx_nova
domainlinkadiin.com	osx_nova
domainlinkjdeen.com	osx_nova
domainpumpra.fun	osx_nova
domainprismrocket.top	ek_zphp
domainfrontsky.top	ek_zphp
domaincoppervoyager.top	ek_zphp
domainagbnbne.icu	android_fvncbot
domainahjnmt.icu	android_fvncbot
domaincdn.qqebna.icu	android_fvncbot
domainoojnme.icu	android_fvncbot
domainqqerfge.icu	android_fvncbot
domainsegbnn.icu	android_fvncbot
domainssadfe.icu	android_fvncbot
domainuijnne.icu	android_fvncbot
domainuyanbn.icu	android_fvncbot
domainzeqfge.icu	android_fvncbot
domainzzafgeb.icu	android_fvncbot
domainlinomu.com	ek_zphp
domainwhiteharvest.top	ek_zphp
domaindist-ctroy.top	ek_zphp
domainfliqkera.com	ek_zphp
domaingoldenvectorlab.top	ek_zphp
domainkhaosyn.top	ek_zphp
domainpowerjolytia.com	ek_zphp
domainsilentmatrix.top	ek_zphp
domainvelvetsignal.top	ek_zphp
domainfresicrto.top	ek_zphp
domaingralino.top	ek_zphp
domainalcovemac.com	osx_atomic
domainalcovemac.net	osx_atomic
domaincleanmymacos.net	osx_atomic
domaingetmaccy.click	osx_atomic
domainmaccyapp.com	osx_atomic
domainmaccyapp.net	osx_atomic
domainmacrepair.help	osx_atomic
domainkali.aeyehub.net	cyberstrikeai
domainarcylianquanta.com	apt_unc2465
domainaustinportapotty.com	apt_unc2465
domaindrenslio.it.com	apt_unc2465
domainnodevarianlabs.com	apt_unc2465
domainaspen32.com	osx_atomic
domainvodka777bet.com	osx_atomic
domaincdn.xviralhub.com	osx_atomic
domainchickroadbet.com	osx_atomic
domainchickroaditalia.com	osx_atomic
domaindapurmanda.com	osx_atomic
domaindbshop.org	osx_atomic
domaindubaimodelscatalog.top	osx_atomic
domainfreedyn.net	osx_atomic
domainigromafia.com	osx_atomic
domainigromafia.info	osx_atomic
domainigromafia.org	osx_atomic
domainlinkbaba.fun	osx_atomic
domainlinkraja.fun	osx_atomic
domainmusichub-streampro-70e4870a-5255.omnicoder.app	osx_atomic
domainnews.rarib.org	osx_atomic
domainparimatch-review.in	osx_atomic
domainqoob.name	osx_atomic
domainrarib.net	osx_atomic
domainrarib.org	osx_atomic
domainredcity-industries.de	osx_atomic
domainsloturismart.ro	osx_atomic
domainteratube.net	osx_atomic
domainwallspace4k.com	osx_atomic
domainwealthbridgemarkets.com	osx_atomic
domainxviralhub.com	osx_atomic
domain96.wallspacemac.com	osx_atomic
domainfilearcticsignal.online	osx_atomic
domainfileblossommeteor.online	osx_atomic
domainfilecrystalharbor.online	osx_atomic
domainfilegoldenecho.com	osx_atomic
domainfileoceanmachine.online	osx_atomic
domainfilepolarfolder.online	osx_atomic
domainfileravenharbor.online	osx_atomic
domainfilesilvercomet.com	osx_atomic
domaingetmaccy.app	osx_atomic
domaingetmaccy.net	osx_atomic
domaingp.macos-wallspace.com	osx_atomic
domaingx.macos-wallspace.net	osx_atomic
domainmacos-wallspace.com	osx_atomic
domainmacos-wallspace.net	osx_atomic
domaintickerpadapp.com	osx_atomic
domainwallspacemac.com	osx_atomic
domainxo.getmaccy.app	osx_atomic
domaindapingceng7788.com	adaptix_c2
domaindnsnewtds.shop	z_tds
domaindntds.shop	z_tds
domainntdnewtds.shop	z_tds
domainnttdss.shop	z_tds
domainsdntds.shop	z_tds
domaintdsio.shop	z_tds
domainbanerpanel.live	—
domainquitethepastry.ru	—
domainzsjtn41091.workers.dev	—
domainbold.zsjtn41091.workers.dev	—
domain0nwfyg62.onja1bet.com	—
domain1aed1cm5.cloudzone.com.tr	—
domain30tr04n4gr4m4.cndb-jsdelivr-net.christmas	—
domain4iod03t4.eutoor.com	—
domain509ukk9c.enf90.vip	—
domain635k6cma.uniquetilingsa.com.au	—
domain6feq96px.eutoor.com	—
domain7d6da0ri.axee.net	—
domain96mjt1sb.axee.net	—
domain99ytipqf.mayochem.com	—
domain9nwu3map.jetform.football	—
domaina0sadcof.ogabbet.com	—
domaina1bpvfc4.enfejar2.com	—
domainarchive-shlyah.digital	—
domainbyjsjzzd.byte-relay.digital	—
domainbyte-relay.digital	—
domainchernichco5t.digital	—
domaincloudzone.tr	—
domaincndb-jsdelivr-net.christmas	—
domaincw5zuej3.baxus.net	—
domaindettyquu.quantum-vault.digital	—
domainef8qorio.latat-long.digital	—
domainff4ekbmd.7lf.net	—
domaingfwbeo2g.7lf.net	—
domaingnetier6.hegong-tools.com	—
domainhtcaqoat.universaltyresautos.com.au	—
domaini0gxewzq.webuyurcar.com.au	—
domainjkxbmyut.latat-long.digital	—
domaink5k1f5zd.cloudzone.tr	—
domainklga3rph.easyprocode.com	—
domainlatat-long.digital	—
domainmjvdhq4d.destek1.com	—
domaino8x1lij5.archive-shlyah.digital	—
domainp4nkss83.alsulmicpa.com	—
domainpengzsout.christmas	—
domainps10z3qz.eutoor.com	—
domainquantum-vault.digital	—
domainruntime-foundry.digital	—
domainrzdwkgtc.chernichco5t.digital	—
domains61j30vp.snugglebloom.com.au	—
domainsax166rh.funkboi.com	—
domainudyvsthy.quantum-vault.digital	—
domainvekdf8au.srlashnbrow.com.au	—
domainhdkskwkwgg.shop	osx_atomic
domainhdkskwkwgg.today	osx_atomic
domainlarpers.fun	generic_stealer
domainapi.larpers.fun	generic_stealer
domainhdkskwkwgg.auction	osx_atomic
domainhdkskwkwgg.autos	osx_atomic
domainhdkskwkwgg.boats	osx_atomic
domainhdkskwkwgg.bond	osx_atomic
domainhdkskwkwgg.business	osx_atomic
domainhdkskwkwgg.digital	osx_atomic
domainhdkskwkwgg.life	osx_atomic
domainhdkskwkwgg.live	osx_atomic
domainhdkskwkwgg.online	osx_atomic
domainhdkskwkwgg.quest	osx_atomic
domainhdkskwkwgg.sbs	osx_atomic
domainhdkskwkwgg.space	osx_atomic
domainhdkskwkwgg.surf	osx_atomic
domainhdkskwkwgg.top	osx_atomic
domainhdkskwkwgg.watch	osx_atomic
domainhdkskwkwgg.xyz	osx_atomic
domainapplicat-download.top	osx_atomic
domainupdate-installer.com	osx_atomic
domainabimj.edu.af	xenorat
domainnotvaporhack.cc	minecraftrat
domainvaporhack.cc	minecraftrat
domainmatrix.notvaporhack.cc	minecraftrat
domainremote.vaporhack.cc	minecraftrat
domainz.vaporhack.cc	minecraftrat
domaintitanicservice.net	generic_stealer
domainnathiaibot.chickenkiller.com	generic_stealer
domainbetalegenda.cfd	fakeapp
domainbiletors.cfd	fakeapp
domainbistrolord.lat	fakeapp
domainkrolikrojer.lat	fakeapp
domainlenders.digital	fakeapp
domainmarinaradom.cfd	fakeapp
domainmavpaprokla.lat	fakeapp
domainmegamegalodon.click	fakeapp
domainsmackit.lat	fakeapp
domainspartanec.lat	fakeapp

Ip

Value	Description	Copy
ip82.158.88.99	cyberstrikeai
ip178.236.252.62	bad_service
ip185.100.157.12	bad_service
ip185.100.157.14	bad_service
ip193.221.200.111	bad_service
ip193.221.200.230	bad_service
ip45.150.34.115	bad_service
ip77.91.97.121	bad_service
ip147.45.42.205	osx_generic
ip112.213.116.170	rogue_dns
ip118.107.24.242	rogue_dns
ip118.107.24.243	rogue_dns
ip118.107.32.155	rogue_dns
ip118.107.40.48	rogue_dns
ip118.107.47.76	rogue_dns
ip118.107.47.78	rogue_dns
ip134.122.183.142	rogue_dns
ip137.220.229.16	rogue_dns
ip137.220.229.5	rogue_dns
ip14.128.50.26	rogue_dns
ip143.92.48.15	rogue_dns
ip143.92.52.183	rogue_dns
ip143.92.53.134	rogue_dns
ip143.92.53.251	rogue_dns
ip143.92.56.180	rogue_dns
ip143.92.56.81	rogue_dns
ip143.92.56.8	rogue_dns
ip143.92.57.29	rogue_dns
ip143.92.63.213	rogue_dns
ip143.92.63.214	rogue_dns
ip143.92.63.247	rogue_dns
ip143.92.63.249	rogue_dns
ip192.252.176.48	rogue_dns
ip202.79.168.144	rogue_dns
ip202.79.168.160	rogue_dns
ip202.79.171.149	rogue_dns
ip202.79.174.219	rogue_dns
ip202.79.175.100	rogue_dns
ip202.95.11.163	rogue_dns
ip202.95.11.179	rogue_dns
ip202.95.14.218	rogue_dns
ip202.95.14.230	rogue_dns
ip202.95.14.241	rogue_dns
ip202.95.14.252	rogue_dns
ip27.124.12.72	rogue_dns
ip27.124.17.11	rogue_dns
ip27.124.17.18	rogue_dns
ip27.124.2.196	rogue_dns
ip27.124.2.214	rogue_dns
ip27.124.20.237	rogue_dns
ip27.124.20.238	rogue_dns
ip27.124.34.143	rogue_dns
ip27.124.34.144	rogue_dns
ip27.124.41.92	rogue_dns
ip27.124.42.32	rogue_dns
ip27.124.42.39	rogue_dns
ip27.124.42.48	rogue_dns
ip27.124.42.50	rogue_dns
ip27.124.42.51	rogue_dns
ip27.124.45.61	rogue_dns
ip209.99.184.44	generic_stealer
ip45.225.135.25	generic_stealer
ip85.192.38.178	generic_stealer
ip185.235.137.106	xenorat
ip38.91.104.111	generic_stealer

Threat ID: 6a1f0955e29bf47b50dfc90f

Added to database: 6/2/2026, 4:48:21 PM

Last enriched: 6/2/2026, 5:03:29 PM

Last updated: 6/2/2026, 5:48:48 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited

View courses

Maltrail IOC for 2026-06-02

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-06-02

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Domain

Ip

Community Reviews

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility

Maltrail IOC for 2026-06-02

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Indicators of Compromise

Maltrail IOC for 2026-06-02

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Indicators of Compromise

Url

Domain

Ip

Community Reviews

Related Threats

JSMonoGlyphRAT: The Persistent Backdoor Targeting US Businesses

This is a scam and probably a malware/trojan. Path Of Exile 2 builder ...

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure

Nimbus RAT: How Threat Actors Are Abusing Microsoft Teams and Google Drive to Deploy a Java RAT

Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages

Actions

External Links

Need more coverage?

Latest Threats

Check if your credentials are on the dark web

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility