ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain handed-mines-abc-intensity.trycloudflare.com.

Database Entry


IOC ID: 1779724
IOC: handed-mines-abc-intensity.trycloudflare.com
IOC Type: domain
Threat Type: payload_delivery
Malware: Venom RAT
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS13335 CLOUDFLARENET
Country: US
First seen: 2026-03-31 18:14:22 UTC
Last seen: never
UUID: 894256bb-2d2b-11f1-9af6-42010aa4000a
Reporter: kirkderp
Reward: 5 credits from ThreatFox
Tags: ClickFix Cloudflare-Tunnel SERPENTINE WebDav
Reference: https://www.derp.ca

kirkderp
Ephemeral Cloudflare Tunnel domains used for ClickFix delivery chain. Tunnel 1: WSH lure hosting. Tunnel 2: WSF via WebDAV. Tunnel 3: batch files via WebDAV. Tunnel 4: payload zips + persistence via HTTPS. All tunnels created 2026-03-30. Delivers VenomRAT, AsyncRAT, XWorm, PureHVNC, and Brute Ratel C4. SERPENTINE#CLOUD operator.