Indicator of Compromise
www[.]aikido[.]dev
A domain observed in malicious infrastructure. Block or monitor it in DNS and web proxies. Shown defanged for safe viewing; use Copy live value for the functional form.
Included in the Domains feed (live, machine-readable).
Seen in these reports
Cyber Security Blog · Jun 3, 2026
Red Hat’s Miasma npm Compromise Shows Trusted Publishing Is Not a Control Boundary
Iranian Cyber Threat Intelligence · Mar 24, 2026
CanisterWorm Wiper Weaponizes Trivy Supply Chain to Target Iran
Malware · Jan 27, 2026
Fake Clawdbot VS Code Extension Deploys ScreenConnect RAT
Related indicators
Indicators that appear alongside this one in the same reporting, often shared infrastructure or the same campaign.
04ef48b104d6ebd05ad70f6685ade26c1905495456f52dfe0fb42f550bd43388 0c5077e51419868618aeaa5fe8019c62421857d6 178[.]16[.]54[.]253179[.]43[.]176[.]32 adbcdb613c04fd51936cb0863d2417604db0cd04792ab7cae02526d48944c77b bulletmailer[.]netchampionships-peoples-point-cassette[.]trycloudflare[.]comclawdbot[.]getintwopc[.]site d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea darkgptprivate[.]com de0fac2e4500dabe0009e67214ff5f5447ce83dd dl[.]k8s[.]iodropbox[.]com/scl/fi/tmwi4j86op04r9qo2xdgh/zoomupdate[.]msi?rlkey=ymr9yn5p3q2w2l3uz9cg71dvm& e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2 getintwopc[.]sitegetintwopc[.]site/config[.]jsongetintwopc[.]site/config[.]json'hxxp://clawdbot[.]getintwopc[.]site/config[.]json'hxxp://clawdbot[.]getintwopc[.]site/dl/Lightshot[.]dll'hxxp://clawdbot[.]getintwopc[.]site/dl/Lightshot[.]exe'hxxps://championships-peoples-point-cassette[.]trycloudflare[.]comhxxps://championships-peoples-point-cassette[.]trycloudflare[.]com/prop[.]pyhxxps://darkgptprivate[.]com/d111"hxxps://dl[.]k8s[.]io/release/$(curlhxxps://dl[.]k8s[.]io/release/stable[.]txt)/bin/linux/${ARCH}/kubectl"hxxps://investigation-launches-hearings-copying[.]trycloudflare[.]com/hxxps://souls-entire-defined-routes[.]trycloudflare[.]com/hxxps://souls-entire-defined-routes[.]trycloudflare[.]com/kamikaze[.]shhxxps://souls-entire-defined-routes[.]trycloudflare[.]com/kube[.]py"hxxps://www[.]aikido[.]dev/blog/fake-clawdbot-vscode-extension-malwarehxxps://www[.]aikido[.]dev/blog/red-hat-npm-packages-compromised-credential-stealing-wormhxxps://www[.]aikido[.]dev/blog/teampcp-stage-payload-canisterworm-iranhxxps://www[.]dropbox[.]com/scl/fi/tmwi4j86op04r9qo2xdgh/zoomupdate[.]msi?rlkey=ymr9yn5p3q2w2l3uz9cg71dvm&st=q93av9p6&dl=1icp0[.]ioinvestigation-launches-hearings-copying[.]trycloudflare[.]commeeting[.]bulletmailer[.]netsouls-entire-defined-routes[.]trycloudflare[.]com tdtqy-oyaaa-aaaae-af2dq-cai[.]raw[.]icp0[.]io trycloudflare[.]comtrycloudflare[.]com/