This cluster centers on 645 connected domains tagged as NorthKorea, backdoor, pw-cyrex. 645 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov. This campaign was identif...
Domain
mainly-trim-lizard.cloudpub.ru
First seen Mar 27, 2026
High Risk
- Flagged by Google Safe Browsing
- No SSL certificate
Campaign Intelligence
Details
Related Domains
domain
178.16.54.109
same campaigndomainmgtms.cc
same campaigndomain104.194.152.180
same campaigndomain130.12.181.60
same campaigndomain87.121.84.57
same campaigndomaincc-a89.pages.dev
same campaigndomain31.56.229.221
same campaigndomain61.160.213.179
same campaigndomain113.116.149.250
same campaigndomain31.57.216.121
same campaigndomain178.16.52.44
same campaigndomain158.94.211.102
same campaignCommunity Reports
No community reports yet. Be the first to share your experience.
Share Your Experience
What's Your Exposure?
Know your risk exposure to this message with a Thorough Analysis. It returns a detailed report covering the complaint history, your data breach exposure, related scam entities, and risk signals tied to this email message. Check the box and enter your email address now.
NordProtect — Identity theft monitoring and recovery
NordProtect watches for your personal info on the dark web, monitors your credit, and covers up to $1M in identity theft insurance.
Get NordProtectAffiliate link. We may earn a commission.