Blurred Lines: AdTech Abuse Delivers Browser Hijackers Through the Microsoft Store
A newly uncovered campaign abuses the Trillion (formerly Trellian) AdTech network, mimicking the flow of a Traffic Direction System (TDS) to trick visitors of typo-squatted domains into downloading Microsoft Store apps that contain browser hijacking malware. While the abuse of AdTech networks to deliver malware isn't new, this campaign uses tactics strikingly similar to those of VexTrio and previous TDS networks, further blurring the line between AdTech and malicious TDS systems.
AI Analysis
Technical Summary
This threat involves a campaign that abuses the Trillion (formerly Trellian) AdTech network to deliver browser hijacking malware through Microsoft Store applications. The attackers exploit typo-squatted domains (domains that closely resemble legitimate ones but contain slight misspellings) to lure users into downloading malicious apps from the Microsoft Store. The campaign mimics the behavior of Traffic Direction Systems (TDS), which are commonly used in malicious advertising to redirect traffic through a chain of servers to evade detection and deliver payloads. By leveraging this pseudo-TDS approach, the attackers blend malicious activity with legitimate AdTech traffic, complicating detection efforts.
The malware delivered primarily hijacks browsers, potentially changing homepage settings, search engines, or injecting ads, thereby compromising user privacy and security. The campaign shares similarities with previous threats like VexTrio, indicating a continued evolution of AdTech abuse techniques. Although no known exploits in the wild have been reported, the campaign's use of legitimate Microsoft Store apps as a delivery vector is notable, as it bypasses some traditional security controls. The attack chain involves social engineering to convince users to install these apps, exploiting trust in the Microsoft Store ecosystem.
The campaign is tagged with MITRE ATT&CK techniques such as T1036 (Masquerading), T1102 (Web Service), T1568 (Dynamic Resolution), and T1547 (Boot or Logon Autostart Execution), indicating sophisticated persistence and evasion tactics. Overall, this threat highlights the increasing convergence of advertising technology abuse and malware distribution through trusted platforms.
Potential Impact
The impact of this campaign can be significant for organizations and end-users worldwide. Browser hijackers can degrade user experience by redirecting traffic to malicious or advertising sites, potentially exposing users to further malware or phishing attacks. For organizations, compromised browsers can lead to data leakage, unauthorized access to internal resources if session cookies or credentials are stolen, and reduced productivity. The use of Microsoft Store apps as a delivery mechanism undermines trust in the platform and may lead to wider adoption of malicious apps if not mitigated. Additionally, the abuse of AdTech networks complicates detection and response, as malicious traffic blends with legitimate advertising flows. This can increase the risk of widespread infections, especially in environments where users have elevated privileges or where endpoint protections are insufficient. The campaign's reliance on typo-squatting also means that organizations with well-known brands or domains are at higher risk of being targeted or impersonated, potentially impacting brand reputation and customer trust.
Mitigation Recommendations
To mitigate this threat, organizations should implement a multi-layered approach:
1) Restrict or monitor Microsoft Store app installations, especially in enterprise environments, using application control policies or endpoint management solutions.
2) Employ DNS filtering and domain reputation services to block access to known typo-squatted domains and suspicious AdTech traffic sources.
3) Educate users about the risks of typo-squatting and encourage verification of URLs before downloading apps or clicking links.
4) Monitor network traffic for unusual redirection patterns or connections to known malicious AdTech infrastructure.
5) Use endpoint detection and response (EDR) tools to identify and remediate browser hijacking behaviors promptly.
6) Regularly audit installed applications for unauthorized or suspicious Microsoft Store apps.
7) Collaborate with Microsoft and AdTech providers to report and remove malicious apps and domains.
8) Implement browser security controls such as restricting changes to homepage and search engine settings.
These targeted measures go beyond generic advice by focusing on the unique delivery vector and attack techniques used in this campaign.
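The DNS-filtering and traffic-monitoring recommendations depend on spotting lookalike domains in resolver logs before they reach a blocklist. The following is an added example, not code from the original report or its authors: it flags queries whose registrable domain is within a small edit distance of a watched domain. The watchlist, the log format and every domain in it are constructed, and taking the last two labels as the registrable domain is a simplifying assumption.

```python
"""Flag DNS queries that are near-misses of watched brand domains."""

# Hypothetical watchlist: domains the organisation wants lookalikes flagged for.
WATCHED = ["acmebank.example", "acme-vault.example"]

# Constructed resolver log lines in the form "<timestamp> <client> <qname>".
SAMPLE_LOG = """\
2026-04-02T10:00:01Z 10.0.0.5 www.acmebank.example
2026-04-02T10:00:07Z 10.0.0.5 acmbank.example
2026-04-02T10:00:09Z 10.0.0.8 login.acmebnak.example
2026-04-02T10:01:13Z 10.0.0.9 acme-vaultt.example
2026-04-02T10:02:40Z 10.0.0.9 cdn.adserver.example
malformed line
"""


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("bnak" for "bank") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def registrable(qname):
    """Assumption: last two labels form the registrable domain.
    A production version would consult the Public Suffix List instead."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def find_lookalikes(log_text, watched=WATCHED, max_dist=2):
    """Return one hit per log line whose domain is close to, but not in, the watchlist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip malformed lines rather than crash
            continue
        ts, client, qname = parts
        dom = registrable(qname)
        if dom is None or dom in watched:
            continue                 # exact matches are the legitimate sites
        dist, brand = min((osa_distance(dom, b), b) for b in watched)
        # Short names collide by chance, so allow only one edit for them.
        limit = 1 if len(brand) < 10 else max_dist
        if 0 < dist <= limit:
            hits.append({"time": ts, "client": client, "domain": dom,
                         "brand": brand, "distance": dist})
    return hits


if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_LOG):
        print(hit)
```

Hits are candidates for review and blocking, not verdicts; pair them with domain age or reputation data before acting.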
Affected Countries
United States, United Kingdom, Australia, Canada, Germany, France, Netherlands, Japan, South Korea, India
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.trinitycyber.com/blog/blurred-lines-adtech-abuse-delivers-browser-hijackers-through-the-microsoft-store#:~:text=The%20attackers%20prompt%20users%20who,link%20various%20PhantomJack%20samples%20together:
- Adversary: null
- Pulse Id: 69cea64baa48265a8127fe22
- Threat Score: null
Threat ID: 69cea988e6bfc5ba1defd25c
Added to database: 4/2/2026, 5:38:16 PM
Last enriched: 4/2/2026, 5:56:16 PM
Last updated: 4/3/2026, 5:32:32 AM