Skip to content
Latest
Jscrambler npm Compromise Shows Build Pipelines Need Runtime ControlsGhost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

Indicator of Compromise

claude[.]ai

Domain Seen in 7 reports Watch this →

A domain observed in malicious infrastructure. Block or monitor it in DNS and web proxies. Shown defanged for safe viewing; use Copy live value for the functional form.

Included in the Domains feed (live, machine-readable).

Related indicators

Indicators that appear alongside this one in the same reporting, often shared infrastructure or the same campaign.

0434437a073a3f3a49e84d5ecb20c99dd551bacc32bf100fbb8cf67a50642181 13[.]227[.]180[.]4 15de71073f44c657c23f5f97caa11f1b12e654d4d17684bfc628cc1e5b6bcdd5 193[.]143[.]1[.]104 1bd605ef84b6767df74bd6290f1468eed5a88264df23fcf70b6a75d5bdcf7d76 2050468744e44554fac17fb83f1515c95f2f2236716e2b5267a81c2b94205e6a 213[.]165[.]51[.]115 2abe0ef88ba92db79d82cde4c0ed1f382bb347517a54ea82084c841d0f955518 34[.]34[.]57[.]14134[.]34[.]81[.]12935[.]192[.]41[.]201 4264a88035aa0b63e9aef96daa78a58114d60a344ea10168a8ef5ef36bf8edbd 433a13cc70396f80dc29d1150c050339d78964fdc91bcdc3f40c67a77add1476 449f528f5ceae8c3f8336d0d8e3e3ec9031d1ad67c31ee7311b67e01d5fdf225 45[.]59[.]160[.]19945[.]93[.]20[.]19545[.]93[.]20[.]61 4e90d386c1c7d3d1fd4176975795a2f432d95685690778e09313b4a1dbab9997 576692df4bf1c7d8927d3a183f5219a81c3bff3dd22971691f8af6889f80c5a0 7f2315b89fb9a47e1516def136844d617bfcdce19000a1b0436706692dbe166c adrinal[.]com aefd15e3c395edd16ede7685c6e97ca0350a702ee7c8585274b457166e86b1fa archicad3d[.]comatlassian[.]netbarankinyserialxud[.]onlinebest-tinted[.]combest-tinted[.]com/github-download[.]htmlbotshield[.]vubotshield[.]vu/kFcjldbotshield[.]vu/KKRkm9brw[.]so c40b9913e79c5dd09751b1afb03aaa98658bab61bacf27a299abd84fd44fe707 CVE-2026-21509 CVE-2026-21513 d295720bc0c1111ce1c3d8b1bc1b36ba840f103b3ca7e95a5a8bf03e2cc44fe5 dropbox[.]com ed1745cc49b929e499966d87e163219fe0f24069fe88dfacbd69c0ebab85a640 egest[.]filen[.]io fa767391b99865f8533efc1fe6dfa6175215718679fb00ca85fc13c3bd4ae4b7 fe4e5fb28d2c2b3a640112b6b125ce8c4afa8be28342e3bfda097ad9dd2ef9ee