Closed g0d33p3rsec closed 3 months ago
45.9.74.36 http://45.9.74.36:8888/ http://cloudslimit.com:8888/15582296527056.dll http://dailywebstats.com:8888/28208068589.dll http://hertrud.shop:8888/235713873942.dll http://hexcrippler.shop:8888/234647089425.dll http://hiltrunde.shop:8888/1905070293923.dll http://iankian.shop:8888/235132567015030.dll http://ironturner.shop:8888/721256141486.dll http://kloisa.shop:8888/247102099110965.dll http://leopolfa.shop:8888/219162541119066.dll http://liferacer.shop:8888/16407240006521.dll http://commodityprocess.top:8888/25028894717122.dll http://insights.today-time.sitefind.top:8888/126951871630094.dll
This IP and the related domains are being used to distribute StrellaStealer. This is a sibling of #453
https://urlscan.io/search/#page.domain%3A45.9.74.36 https://search.censys.io/hosts/45.9.74.36/data/table#80-TCP-HTTP https://www.virustotal.com/gui/file/0a075ad634639f5b99b2764f05f364884115ebf4ffeaff54342a25d04befaaef https://urlscan.io/search/#page.domain%3Acloudslimit.com https://urlscan.io/search/#page.domain%3Adailywebstats.com https://urlscan.io/search/#page.domain%3Ahexcrippler.shop https://urlscan.io/search/#page.domain%3Ahiltrunde.shop https://urlscan.io/search/#page.domain%3Aiankian.shop https://urlscan.io/search/#page.domain%3Aironturner.shop https://urlscan.io/search/#page.domain%3Akloisa.shop https://urlscan.io/search/#page.domain%3Aleopolfa.shop https://urlscan.io/search/#page.domain%3Aliferacer.shop https://urlscan.io/search/#page.domain%3Acommodityprocess.top https://urlscan.io/search/#sitefind.top
Phishing Domain/URL/IP(s):
Impersonated domain
Describe the issue
This IP and the related domains are being used to distribute StrellaStealer. This is a sibling of #453
Related external source
Screenshot
Click to expand
