imygqwowcuaycyua.xyz #73579

Open
g0d33p3rsec opened this issue Feb 2, 2025 · 0 comments
Labels
Malicious Domains used for Malicious software

Collaborator

g0d33p3rsec commented Feb 2, 2025

Comments

MetaStealer C2 domain. For more information see: Phishing-Database/phishing#739

Wildcard domain records

imygqwowcuaycyua.xyz|malicious

Sub-Domain records


Hosts (RFC:952) specific records, not used by DNS RPZ firewalls


Safe Search records


Screenshots


Links to external sources

http://documents.hq-office.us:8080/scan/Scan_copy_1101256.lnk
https://hq-office.us/fork/setup.msi
https://hq-office.us/scan/Scan_copy_1101256.lnk

https://app.any.run/tasks/47626d52-3dda-4eae-aa05-01601d865bfc
https://urlscan.io/ip/193.233.72.58
https://www.virustotal.com/gui/file/6984a8e300e9a3aee123a340299b813134c89bd7e4c91793321643e6ecdef9ae/details
https://www.virustotal.com/gui/file/a960dcc42ff2b360b3e95f86ffc9106d7a1fa10fc59e51666de0b46460c38627

Name servers

dns1.registrar-servers.com.
dns2.registrar-servers.com.

logs from uBlock Origin

N/A

g0d33p3rsec added the Malicious Domains used for Malicious software label Feb 2, 2025