mirror of
https://github.com/JGoyd/ShadowShells.git
synced 2026-02-12 13:22:45 +00:00
1.3 KiB
| line | type | value | first_seen | confidence | action | notes |
|---|---|---|---|---|---|---|
| 2 | domain | github.stormbreaker.pro | 2025-12-07 | High | monitor_block | Primary suspected C2 (observed repeatedly) |
| 3 | domain | stormbreaker.pro | 2025-12-07 | High | monitor_block | C2 variant |
| 4 | domain | kaylees.site | 2025-12-09 | High | monitor_block | Secondary C2 / proxy |
| 5 | domain | pir.kaylees.site | 2025-12-09 | High | monitor_block | Relay/variant |
| 6 | domain | spple.cf | 2025-12-09 | Medium | monitor | Typosquat / possible phishing |
| 7 | domain | apple.cf | 2025-12-09 | Medium | monitor | Typosquat / impersonation risk |
| 8 | domain | pstack.cf | 2025-12-09 | High | monitor_block | DNS queries observed in telemetry |
| 9 | domain | e.zip | 2025-12-09 | High | monitor_block | Download/payload host observed |
| 10 | domain | com.apple.pro | 2025-12-09 | Medium | monitor | Impersonation-like domain |
| 11 | domain | com.apple.online | 2025-12-09 | Medium | monitor | Impersonation-like domain |
| 12 | domain | modes.ga | 2025-12-09 | Medium | monitor | Observed in related telemetry |
| 13 | domain | quikit.ru | 2025-12-09 | Medium | monitor | Possible typosquat |
| 14 | domain | cs.cf | 2025-12-09 | Medium | monitor | Suspicious free-TLD domain |
| 15 | domain | authoriz.gq | 2025-12-09 | Medium | monitor | Suspect domain |
| 16 | domain | photod.cn | 2025-12-09 | Medium | monitor | Suspect domain |
| 17 | domain | nthropic.cn | 2025-12-09 | Medium | monitor | Suspect domain |
| 18 | domain | caller-id.ru | 2025-12-09 | Medium | monitor | Suspect domain |
| 19 | domain | family.cn | 2025-12-09 | Medium | monitor | Suspect domain |
| 20 | domain | ios.ml | 2025-12-09 | Medium | monitor | Suspect domain |