Skip to content
Latest
Jscrambler npm Compromise Shows Build Pipelines Need Runtime ControlsGhost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

Indicator of Compromise

www[.]aikido[.]dev

Domain Seen in 3 reports Watch this →

A domain observed in malicious infrastructure. Block or monitor it in DNS and web proxies. Shown defanged for safe viewing; use Copy live value for the functional form.

Included in the Domains feed (live, machine-readable).

Related indicators

Indicators that appear alongside this one in the same reporting, often shared infrastructure or the same campaign.

04ef48b104d6ebd05ad70f6685ade26c1905495456f52dfe0fb42f550bd43388 0c5077e51419868618aeaa5fe8019c62421857d6 178[.]16[.]54[.]253179[.]43[.]176[.]32 adbcdb613c04fd51936cb0863d2417604db0cd04792ab7cae02526d48944c77b bulletmailer[.]netchampionships-peoples-point-cassette[.]trycloudflare[.]comclawdbot[.]getintwopc[.]site d1e0c26774cb8beabaf64f119652719f673fb530368d5b2166178191ad5fcbea darkgptprivate[.]com de0fac2e4500dabe0009e67214ff5f5447ce83dd dl[.]k8s[.]iodropbox[.]com/scl/fi/tmwi4j86op04r9qo2xdgh/zoomupdate[.]msi?rlkey=ymr9yn5p3q2w2l3uz9cg71dvm&amp e20b920c7af988aa215c95bbaa365d005dd673544ab7e3577b60fecf11dcdea2 getintwopc[.]sitegetintwopc[.]site/config[.]jsongetintwopc[.]site/config[.]json&#x27hxxp://clawdbot[.]getintwopc[.]site/config[.]json&#x27hxxp://clawdbot[.]getintwopc[.]site/dl/Lightshot[.]dll&#x27hxxp://clawdbot[.]getintwopc[.]site/dl/Lightshot[.]exe&#x27hxxps://championships-peoples-point-cassette[.]trycloudflare[.]comhxxps://championships-peoples-point-cassette[.]trycloudflare[.]com/prop[.]pyhxxps://darkgptprivate[.]com/d111&quothxxps://dl[.]k8s[.]io/release/$(curlhxxps://dl[.]k8s[.]io/release/stable[.]txt)/bin/linux/${ARCH}/kubectl&quothxxps://investigation-launches-hearings-copying[.]trycloudflare[.]com/hxxps://souls-entire-defined-routes[.]trycloudflare[.]com/hxxps://souls-entire-defined-routes[.]trycloudflare[.]com/kamikaze[.]shhxxps://souls-entire-defined-routes[.]trycloudflare[.]com/kube[.]py&quothxxps://www[.]aikido[.]dev/blog/fake-clawdbot-vscode-extension-malwarehxxps://www[.]aikido[.]dev/blog/red-hat-npm-packages-compromised-credential-stealing-wormhxxps://www[.]aikido[.]dev/blog/teampcp-stage-payload-canisterworm-iranhxxps://www[.]dropbox[.]com/scl/fi/tmwi4j86op04r9qo2xdgh/zoomupdate[.]msi?rlkey=ymr9yn5p3q2w2l3uz9cg71dvm&st=q93av9p6&dl=1icp0[.]ioinvestigation-launches-hearings-copying[.]trycloudflare[.]commeeting[.]bulletmailer[.]netsouls-entire-defined-routes[.]trycloudflare[.]com tdtqy-oyaaa-aaaae-af2dq-cai[.]raw[.]icp0[.]io trycloudflare[.]comtrycloudflare[.]com/