This cluster centers on 645 connected domains tagged as NorthKorea, backdoor, pw-cyrex. 645 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov. This campaign was identif...
Domain
166.1.89.46
First seen Mar 27, 2026
High Risk
- Flagged by Google Safe Browsing
- No SSL certificate
Campaign Intelligence
Details
Related Domains
domain
74.0.32.141
same campaigndomain188.137.229.136
same campaigndomain130.12.180.43
same campaigndomain150.251.145.178
same campaigndomain150.251.145.201
same campaigndomainid8654.cfd
same campaigndomain193.17.95.79
same campaigndomain192.177.26.196
same campaigndomain80.89.224.210
same campaigndomain188.137.230.45
same campaigndomainapi.touchskins.io
same campaigndomainvisuals.trueblog.sbs
same campaignCommunity Reports
No community reports yet. Be the first to share your experience.
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.
NordVPN — Block threats and hide your IP from trackers
NordVPN encrypts your internet traffic and blocks malicious websites, ads, and trackers before they reach your device.
Get NordVPNAffiliate link. We may earn a commission.