
TF-1833745 medium

📛 Threat Title

Unknown Stealer: URL that delivers a malware payload https://domokitw.lol/downloads

Category: Unknown Stealer Published: Source updated: First seen: Last updated: Source: Threatfox IOCs/Threats

Description

Indicator that identifies a malware distribution server (payload delivery). IOC type: URL that delivers a malware payload. Attributed malware: Unknown Stealer. Confidence: 50. First seen: 2026-06-18 09:57:23 UTC. Reporter: epol.

Remediations (10)

  • web:cybersecuritynews.com

    A sophisticated DNS-based malware campaign has emerged, utilizing thousands of compromised websites worldwide to deliver the Strela Stealer information-stealing malware through an unprecedented technique involving DNS TXT records. The threat, tracked as Detour Dog by security researchers, represents a significant evolution in malware distribution methods that leverages the Domain Name System ...

  • web:easydmarc.com

    Phishing and scams are getting harder to spot, so copy and paste a URL in our link tester to get real-time information on any website. Try it for free!

  • web:nordvpn.com

    Use a free link checker tool if you want to check the URL you want to click is safe. Avoid phishing, malware, and joining a botnet easily with Link Checker.

  • web:tcm-sec.com

    Malicious URLs remain a common attack vector for attackers to deliver weaponized phishing campaigns and malware. Techniques such as subdomain spoofing, lookalike domains, URL shortening, open redirects, and abuse of legitimate services are just some of the many ways that adversaries manipulate trust and attempt to bypass traditional security ...

  • web:urlhaus.abuse.ch

    URLhaus is a platform from abuse.ch and Spamhaus dedicated to sharing malicious URLs that are being used for malware distribution. Report URLs and explore the database for valuable intelligence. Use the APIs to seamlessly push and pull signals, and automate bulk queries. With this intelligence, gain insights into malware behavior, to help identify, track, and mitigate against malware ...

  • web:urlhaus.abuse.ch

    Here you can propose new malware urls or just browse the URLhaus database. If you are looking for a parsable list of the dataset, you might want to check out the URLhaus API.

  • web:www.microsoft.com

    Stage 4: Redirect Abuse and Malware Delivery. Among the threat actors and campaigns abusing OAuth redirection techniques with various landing pages, we identified a specific campaign that attempted to deliver a malicious payload. That activity is described in more detail below.

  • web:www.security.org

    Is This Link Safe? Paste a URL before visiting to check for phishing attempts, fake websites, and malware.

  • web:www.urlvoid.com

    Free website reputation checker tool lets you scan a website with multiple website reputation/blocklist services to check if the website is safe and legit or malicious. Check the online reputation of a website to better detect potentially malicious and scam websites.

  • web:www.virustotal.com

    VirusTotal Assistant Bot offers a platform for users to interact with VirusTotal's threat intelligence suite and explore artifact-related information effectively.

Indicators of Compromise (1)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

url https://domokitw.lol/downloads

IOC database

Type
url
Value
https://domokitw.lol/downloads
First seen
Last seen
Attached to this threat
Appears in
1 threat
Description
URL that delivers a malware payload attributed to Unknown Stealer


Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

References (2)

  • Malpedia profile Threatfox IOCs/Threats
  • ThreatFox IOC page Threatfox IOCs/Threats

