ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain merluis.pages.dev.

Database Entry


IOC ID: 1785156
IOC: merluis.pages.dev
IOC Type: domain
Threat Type: payload_delivery
Malware: Unknown RAT
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS13335 CLOUDFLARENET
Country: US
First seen: 2026-04-13 12:58:16 UTC
Last seen: never
UUID: 014576cf-3730-11f1-8759-42010aa4000a
Reporter: Omaha
Reward: 5 credits from ThreatFox
Tags: cloudflare-pages fake-game infostealer RAT taken-down ZKM-Stealer
Reference: https://tria.ge/260407-s8dpgahs5l/behavioral1

Omaha
Original malware distribution site for ZKM Stealer 26.0.0.
Taken down by Cloudflare following abuse report April 2026.
Replaced by merluis-beta.pages.dev which remains active.
Same campaign, same payload, new domain.