ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain dl.armour-inc-down.net.
Database Entry
| IOC ID: | 1792469 |
|---|---|
| IOC: | dl.armour-inc-down.net |
| IOC Type : | domain |
| Threat Type : | payload_delivery |
| Malware: | Vidar |
| Confidence Level : | Confidence level is elevated (75%) |
| Is compromised? : | True |
| ASN: | AS13335 CLOUDFLARENET |
| Country: |  US |
| First seen: | 2026-04-16 05:21:59 UTC |
| Last seen: | never |
| UUID: | b3dd3d4b-3913-11f1-8759-42010aa4000a |
| Reporter |  tcains1 |
| Reward | 5 credits from ThreatFox |
| Tags: | Vidar |
tcains1
It’s a fake download site used for malware distribution. You can add anything after the "?" and it will download a ZIP with that name. the contents are always the same and the ZIP password is always: 4DKCUJ4DDXS.Example: https://dl.armour-inc-down.net/in/?Example