Reconnecting to live updates…

Law Firm Sites Hijacked in Suspected Supply-Chain Attack

Severity: mediumType: malware

GrayCharlie, a threat actor active since mid-2023, compromises WordPress sites to inject links redirecting visitors to NetSupport RAT payloads via fake browser updates or ClickFix mechanisms. These infections often lead to Stealc and SectopRAT deployments. The group's infrastructure is primarily linked to MivoCloud and HZ Hosting Ltd. A cluster of US law firm sites was compromised around November 2025, possibly through a supply-chain attack. GrayCharlie uses two main attack chains: one involving fake browser updates and another using ClickFix-style lures. The group's objectives appear to focus on data theft and financial gain, with potential access selling to other threat actors.

AI Analysis

Technical Summary

GrayCharlie is a cybercriminal group active since mid-2023 that targets WordPress websites, with a focus on law firm sites, through suspected supply-chain attacks. The group compromises legitimate WordPress sites by injecting malicious links that redirect visitors to payloads of the NetSupport Remote Access Trojan (RAT). These payloads are delivered via social engineering lures such as fake browser update prompts or ClickFix-style notifications, which trick users into executing malware. Once infected, victims may also be compromised by additional malware including Stealc, a credential and data stealer, and SectopRAT, a remote access tool. The attack infrastructure is tied to hosting providers MivoCloud and HZ Hosting Ltd, indicating a possible use of cloud-based resources to host malicious payloads and command-and-control servers. The group employs multiple attack chains leveraging techniques such as exploitation of WordPress vulnerabilities (T1190), use of remote services (T1021), persistence mechanisms (T1547), and credential access (T1078). The primary objectives appear to be data theft and financial gain, with indications that access to compromised environments may be sold to other threat actors. The November 2025 compromise of a cluster of US law firm sites highlights the potential for supply-chain style attacks targeting trusted websites to distribute malware. Although no CVSS score is assigned, the threat’s complexity, use of social engineering, and targeting of sensitive legal sector data underscore its significance. The attack requires user interaction to execute the fake updates but does not require prior authentication, increasing the attack surface. The lack of known exploits in the wild suggests the threat is currently limited but evolving.

Potential Impact

For European organizations, particularly law firms and other professional services using WordPress, this threat poses significant risks including unauthorized access, data theft, and potential reputational damage. Compromise of legal sector websites can lead to exposure of sensitive client information, privileged communications, and intellectual property. The use of supply-chain attack vectors increases the risk of widespread infection across trusted websites, potentially impacting multiple clients and partners. Financially, organizations may face direct losses from theft or indirect costs from incident response, regulatory fines under GDPR for data breaches, and loss of client trust. The deployment of RATs like NetSupport and SectopRAT enables persistent remote access, allowing attackers to conduct prolonged espionage or lateral movement within networks. European firms with less mature cybersecurity defenses or outdated WordPress installations are particularly vulnerable. Additionally, the use of cloud hosting infrastructure by the attackers complicates attribution and takedown efforts, potentially prolonging exposure. The threat also raises concerns about the security of third-party service providers and the integrity of software supply chains in Europe’s legal and professional sectors.

Mitigation Recommendations

European organizations should implement a multi-layered defense strategy beyond generic advice. First, conduct thorough security audits of WordPress sites, ensuring all plugins, themes, and core installations are up to date and sourced from trusted repositories. Employ web application firewalls (WAFs) with specific rules to detect and block malicious payloads and suspicious redirects. Implement strict content security policies (CSP) to limit unauthorized script execution. Monitor DNS and network traffic for connections to known malicious infrastructure linked to MivoCloud and HZ Hosting Ltd. Deploy endpoint detection and response (EDR) solutions capable of identifying RAT behaviors such as NetSupport and SectopRAT. Conduct user awareness training focused on recognizing fake browser update prompts and social engineering lures like ClickFix notifications. Establish incident response plans that include supply-chain compromise scenarios and regularly test backups to ensure rapid recovery. Engage in threat intelligence sharing with industry peers and national cybersecurity centers to stay informed of emerging GrayCharlie tactics. Finally, consider implementing application allowlisting and multi-factor authentication on administrative WordPress accounts to reduce the risk of unauthorized access.

Affected Countries

United Kingdom, Germany, France, Netherlands, Italy, Spain, Belgium

Indicators of Compromise

hash: 08390a5fb95dd1a63585e011885d01e4
hash: 1c19c2e97c5e6b30de69ee684e6e5589
hash: 2bbe998f987858af2756ad72a8df8e4f
hash: 352c6d868b5b01ae99d6a2006a1c6fcb
hash: 38ef725286d584e63c71d3fbab0eaf89
hash: 513d29bcb362c716370990e21c881843
hash: 53179cd9d135d5fa868d3c9c59f59351
hash: 5f024aa8bd4b5eec7abcb33a28c3b2e4
hash: 6186f34c1711a00dc417e47ceb97fb7f
hash: 64f1310f6300870f1c81792733e92e5e
hash: 6766583b498a5dd544548791a5b42da8
hash: 7046504772486b61ceb6cb14f42e8fa1
hash: 8579002d5f31cef7a8d2da0afae1ac29
hash: 87ef82757aba83e7eb63c7c35dbae97a
hash: 8c52e67eeec211199bc11eb330eb03a2
hash: 900f98976449ae4e122683de627c50b7
hash: af735f2b4700aa104f1288b778eeb086
hash: b5d7f8c33c625eb6cee0cfc8136a7ba1
hash: b5ee0be0cae6e5388c82cb1d0894fa4f
hash: b607ac51266ff01890fbd9a5f83f2ce5
hash: b8ae0fb4eebcf3c1d378ff84c97909d6
hash: c45d8f39cad32a206d43f835c4edbfb9
hash: c4f1b50e3111d29774f7525039ff7086
hash: d60980e6066c58706c487f77863a2008
hash: d9d597d1c2b5fb93c5e715aa7aaa3df4
hash: e634763e133b18656cf5cfeea7b11008
hash: ee75b57b9300aab96530503bfae8a2f2
hash: fce17b987f321dce852c8a52116e7eb6
hash: fff302d8d344d74d01904aff9b7ec75a
hash: 020679101727de55cee769375f4332784b788007
hash: 0448ec0d30fc0ee4fca250b81004198e49d8847d
hash: 0cd925d723a13f05f42564dea2e9d2f5ab58a7aa
hash: 0f93a9a00e3d4b36c554d9abfb42fddcc4ce344c
hash: 188fbca265e418831352e36d9a6af8a763428310
hash: 1ef1dac7a649b77758d61bad607d315b3c9a8439
hash: 22d1967c66fdc4155c2369654f32f29321ab8c2c
hash: 2329b477f5eca51bb73e332a11a5f69dfe71ab2f
hash: 3470d0f9dd75bc9b26dd9418af2d29b5bbf21d07
hash: 3498e5123f367ab41abe107887aecdf59393f286
hash: 39cd8e0ec8ce8c4505289323d832af733098351d
hash: 41c02f202b6d8bf745b7435eef44665c84f6ed60
hash: 4fbf867e3c691edc4cadaa7f637b37b727368911
hash: 5734ef7f9e4dba0639c98881e00f03eea35a62ee
hash: 57539c95cba0986ec8df0fcdea433e7c71b724c6
hash: 5bfb2961a5781834439ea1d5b92184729300f325
hash: 6cab7116f3c82193be4620c25934a9451f800ba2
hash: 705218791dc6d4eccd0823a66fcaf3f3c6f42881
hash: 7418c4ddeecba68e253e89622ad9ca45597d9350
hash: 7bfea7d0895c51d56f01b266c5b26c18c8b7678c
hash: 98dd757e1c1fa8b5605bda892aa0b82ebefa1f07
hash: 9be08b5a0844962900e123ddcf3b33c2c084cc91
hash: c672b7d57d6b07ddf0d759556079d6267749fdfd
hash: cd6b672a51a2bf78d89359a49b6a068475958209
hash: cf19189b18e1a9a2c3cbc350769779ba3752575f
hash: e0b62f7ebbcb2beb802082ef1409d27b3e2e0b77
hash: e41a92c8ffb8bdb0ec17c106482a311e03bb0dd4
hash: e9473d711a204a2febebcba79f9b7f0bfdde6871
hash: f059016354e9f48b0db9eac4751d4746e4134492
hash: 06a0a243811e9c4738a9d413597659ca8d07b00f640b74adc9cb351c179b3268
hash: 0e9df9294c36702eee970efcb4a70b6ddb433190ab661273e2e559185c55b6c1
hash: 112bf17e7c0d0695e9229d60f0d2734c6b96d7edfb41ea3e98e518f4fb1ae6e9
hash: 11370e108c8e7a53e52f01df0829c8addb5833145618a7701fbedbb1d837a43d
hash: 15dfe9d443027ba01b8f54f415fd74d373b3a06017db8ef110fb55b33357b190
hash: 16c8b5e10135d168d73a553a4bda51628e5b4fd419c0ecd47ca4cd7aa864ebd5
hash: 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
hash: 1900ca9b482273df3127e221526023c025808d8fd65769a418fe1f346e7d41e2
hash: 1c389bf1859a00c58b6a97c02fc26c2fe9766c43e06242a94e92b6585b62398b
hash: 21a24922b29742977c4f7e25dd2be056dc02bc5e70c98e32ec3e0c6206f4d9ef
hash: 312a0e4db34a40cb95ba1fac8bf87deb45d0c5f048d38ac65eb060273b07df67
hash: 31804c48f9294c9fa7c165c89e487bfbebeda6daf3244ad30b93122bf933c79c
hash: 31f69d67eca6f3fc837e8d10dff4e2fb6643e33c118cff87df4fee2b183bf0e0
hash: 37e8b57ff4d724053b1917dc6edaca0708d44ceecd00cab7e4cabb336c2868d7
hash: 3ac57bea954ce68dc937f6954ae8a6a19a367a579aeeda7cc93ddd5968fae250
hash: 3ada20fbd80ec7f536db8303a5fa029af741a6914de61376ac8f81ac3ac728fd
hash: 3b5658532bc4058131689c5641def85d7ae25d5b837d3d1aff3af7bb25581f17
hash: 3c499faac4b973c237670f046973691a245ecd735ffebcca3e93337d94b71cde
hash: 3c4b87be8450e3120b7ad2b11ff59850950beb39906dc1636b3ee7b6390f2086
hash: 4732f025a2a69f6c40787854c5da122689702f00f4f423061bb30ab7fa1e98d3
hash: 5381b2a7a77448c4908f5c79d21631f56c88ead0365981cac1dcaafe493c313e
hash: 53e9511401000f61c9d910b92cd6d5a58e38ae541975135944885e53fa91ecb7
hash: 59e7e7698d77531bfbfea4739d29c14e188b5d3109f63881b9bcc87c72e9de78
hash: 5dfbd8cf98ebd4977d4f240dcabd5cd67b936c0095c2d5b9a77896daea877df6
hash: 5eebdb584a1acd6aacc36c59c22ec51bbd077d2dbbe0890b52e62fa6fb9cf784
hash: 5f1bd92ad6edea67762c7101cb810dc28fd861f7b8c62e6459226b7ea54e1428
hash: 5ff742e134e3d17ec7abea435f718e8f5603b95e7984e024b2310ac9ef862ddf
hash: 60ff43424c0ba9dc259ab32405345ef325a4cb4d0baf0c0b0c13f9d3672e99eb
hash: 68c6411cc9afa68047641932530cf7201f17029167d4811375f1458cae32c7bd
hash: 6b2c41b42f75e64d435ba56c2f2b6d79a11b862a2d994487dab3e51e298bc5c9
hash: 6b93b7372941a09f1ea69f8b71c5c4e211ea0f8a24061e702002ca84457bcddd
hash: 6d0857a9c77f9c5f2a5e6921e1cb9f7e1a5d6b947ad63b364d291157d3f840fb
hash: 70f3a6fdbbc5e2ae79c28b48b6478ee3c8ea6f2b705ca9dc9bf8e63a4f6e0c8d
hash: 72baf2ecb0a9df607e54b64c0925ffc6739ab5a8b18900bf5c1930bcc799395d
hash: 748d546c6db44f6aa4bbb8e586d79f56c63fa87580eb19a0f2d5079cbe0952b7
hash: 79040421b5a48dcc6e611dfe187b2f3e355791ad8511adb84f5c0948aa1d6c89
hash: 797ae2dbb2c538710fefe75dbe380b9f55b614cb03c4ae09bb3172e8234dd9d9
hash: 7a73ae8cca6ce6fa88f89d6154811cb453d6e6db9fa8ed5fbdaf8895aae601a5
hash: 7b19538dcf6d4bb84590c458f09c5707c8db53a42861fa56533c49c1a3acd953
hash: 7e3634bfd66e601d7585b237437f11f7d614b33705ba5f7bd75ab176c8250d38
hash: 858dfa529b960c6f6226b53beb55ba1900d3f498ba7be40724ed5c16d7d5a44b
hash: 871e5629d9c8898babf3ed579586e3f5f94a6c4623d3a0a7f9a99bf9d95ffc7b
hash: 8763749fd09245e7fa8c0ee2cc797d5520a9ef5d6846f044a0cd7c969c4bd7d4
hash: 89d839bbdc786c006304f3c6c6939150380aaa9e84d82bc31cdf0cf7609a6243
hash: 8b21fbd40c89763f51d5e06680c0971623500f4724c25958446bac794797057b
hash: 8baebd525324297faf86639266060172ded963767c832a609a991fa92c8463ab
hash: 8d1ed904d90e08048f42cdc9a25c2159f0f8dc4aa9dc01b0207645ea53abe189
hash: 957ab8417606ad41ad31f006d997af3f647dd5215af899551d08b3b472a4bc85
hash: a0332fe0baa316fe793e757f9cf5938b099e97dc4624ead6f3bad8555c8a419b
hash: a1482e62ecc89696a75adea7052c2e98a75c9d37304723abd110d60962bafdb7
hash: a28d0c82a2a37462c2975b5eda7f91e8fc3c2ed50abfe357948ec4faabbd4951
hash: a6637685091835826e62af279cc6c648188797f9edc05a2399a6686349102774
hash: a6f1f68827303e655488c8d54b3be3ce8b1097f3ff374a2e4bc82ff96812781c
hash: abc5b2118bc1d8c82f3726a5e30cf22ae3fa1c572dd3327b281ea6fd97ae9c06
hash: afc45cc0df7f7e481bff45c6f62a6418b6ae4c8b474ec36113e05ab7ca7e2743
hash: b1f91355a8472e364e07f05dc69bbd9c74dc1943e9c4475f46c2b448bb6d6e5d
hash: b2b7218c3f649b9077510aac309357e884c314e0f488abed391415defb249f4c
hash: b6b685fe020c481161060df9dbef0fc205cde479056c18aaeae184daa3f8a9c0
hash: b784301cb2edafea875f779cf24e018f06732561069f6c4c3d86548029671642
hash: ba557bd6b2c1d3297b2c9bd7294e47b9ad9ec6a937cddc879dd563c61a9abcbd
hash: bb451151e52f0868f98e32d26ffa7c2be412b47cd470bf90d3cfe777b4a19f85
hash: bd39f32177dc7a20f5087c5460ebf589035d9051336c69f07a26398f76aec40e
hash: bf37542e9eb7a3b2f51d107e56d7551e6248f06ce18918e3dda2ebe9da1b0e80
hash: bf97c4ff35b5e2c039aa1f1a9a164b7ec4d9339a631c84910b9a4d03b7927b8a
hash: c2ba0018de8dcf0abfb2669cce95ed09377e9a9da7ff8e74e95688c99a025634
hash: c3d797e67edf0dd435808f2f79ff4bfd0cf9177307f4a112b7da09f7dfdd8f2e
hash: c441afb337c4803eed20ae255fbad3cdfac2800475c51e00a55369909efb4c89
hash: cc6ad344d30178e04e49ab16cd43744925676562aded051835fb3f73401f31fa
hash: ceab18331f785d0bf215f551b90f00567e36d339ba8e3ed8e45c0ad410b25808
hash: d02a1eb597c66b602ac7d55095f771345ff5e90905ea12e523df2095030752b6
hash: d6142f48664208710bab9fcab8dfcda66ad75ad756d2ce9c3aa243dcbc29bf4a
hash: d665a8547baf067f2216821ecd4145eab1c75868f024d09140fb265b819d5194
hash: d8d2092e174240d7bac63a9e1c199b442e1cb0f39d7fa32510b1aa7717c3ae38
hash: e24de02415946133176b66017d54a5dcd7270c83f5ef01d79faff4e64d13c63b
hash: e5502722c2bb84876903549445534c47cdaa586a0bb1e5b3a53162d75cc6cb28
hash: e66ae0ac443b5140a1b35b5aaa6899eea296d9d633988eb044a395a34a887431
hash: e92e01977d85f6834f57bd09e29e654b10da798844e4a64470cb22dac78bef93
hash: e9723a2a9ca45787c35b864605a6be71ccf12b2d96dad8e7fc39117f7ba29abb
hash: f28bb7bc5c801d5444ba6816e3a91d5bfaf0307578b7a1529415fc220fd9e9e8
hash: f86b6aa11a276c24dd80db48f43c8a2f0c8df6e5426a7a0fee322c0427421ebb
ip: 185.163.45.130
ip: 185.163.45.16
ip: 185.163.45.30
ip: 185.163.45.41
ip: 185.163.45.61
ip: 185.163.45.73
ip: 185.163.45.87
ip: 185.163.45.97
ip: 185.225.17.74
ip: 185.231.245.158
ip: 194.180.191.121
ip: 194.180.191.168
ip: 194.180.191.17
ip: 194.180.191.171
ip: 194.180.191.18
ip: 194.180.191.189
ip: 194.180.191.209
ip: 194.180.191.51
ip: 217.114.15.253
ip: 23.140.40.66
ip: 45.153.191.245
ip: 46.29.163.28
ip: 5.181.156.234
ip: 5.181.156.244
ip: 5.181.159.112
ip: 5.181.159.139
ip: 5.181.159.140
ip: 5.181.159.142
ip: 5.181.159.143
ip: 5.181.159.29
ip: 5.181.159.38
ip: 5.181.159.60
ip: 5.181.159.62
ip: 5.181.159.9
ip: 5.252.177.120
ip: 5.252.177.15
ip: 5.252.178.123
ip: 5.252.178.23
ip: 5.252.178.35
ip: 89.169.12.48
ip: 89.253.222.156
ip: 89.253.222.25
ip: 94.158.245.104
ip: 94.158.245.111
ip: 94.158.245.115
ip: 94.158.245.118
ip: 94.158.245.13
ip: 94.158.245.131
ip: 94.158.245.135
ip: 94.158.245.137
ip: 94.158.245.140
ip: 94.158.245.153
ip: 94.158.245.170
ip: 94.158.245.174
ip: 94.158.245.56
ip: 94.158.245.63
ip: 94.158.245.66
ip: 94.158.245.81
ip: 95.182.123.86
url: https://joiner.best/work/original.js
url: https://persistancejs.store/work/original.js
url: https://signaturepl.com/work/index.php?abje2LAw
domain: 108zhao.shop
domain: 1sou.top
domain: 6hms.top
domain: 789pettoys.shop
domain: 7serv.top
domain: 99wc.top
domain: abocamuseum.icu
domain: actionmovies.top
domain: alcmz.top
domain: alhasba.com
domain: anoteryo.top
domain: arearugs.top
domain: as5yo.top
domain: ashesplayer.top
domain: avodaride.top
domain: azyaamode.shop
domain: baihao.shop
domain: baihuah.top
domain: bedoueroom.top
domain: bestproductreviews.xyz
domain: bestrollerballpen.top
domain: bianchilawgroup.com
domain: blogdojhow.com
domain: bnpparibas.top
domain: bokra.top
domain: bond007.xyz
domain: boxworld.top
domain: brattonlawgroup.com
domain: brighterdaylaw.com
domain: bstionline.com
domain: buildingjobs.xyz
domain: buscavuelosbaratos.top
domain: buyedmeds.top
domain: buylisinopril.top
domain: celebrex.top
domain: chaojiwang.top
domain: chenyiwen.top
domain: chinapark.top
domain: christianlouboutin2017.top
domain: cialissale.top
domain: cinselurunler.xyz
domain: coinseasygenerator.top
domain: couterfv.top
domain: couturella.shop
domain: covaticonstructioncorp.shop
domain: cozartan.top
domain: cryptohardware.shop
domain: dcdh4.shop
domain: dealermobil.top
domain: defensegroup.com
domain: depechemode.shop
domain: directoryframework.top
domain: discountmontblanc.top
domain: discoveronline.top
domain: doodstream.shop
domain: downloadfreak.top
domain: dwicriminallawcenter.com
domain: erectilehelp.top
domain: filmezz.top
domain: filmlerzltyazilimsx.shop
domain: fisherstonelaw.com
domain: fjs95.shop
domain: fmovies123.top
domain: foolowme.com
domain: forging.top
domain: fragzone.top
domain: franquicias.top
domain: fuckhdmov.top
domain: gededewe.shop
domain: getin.top
domain: glitterygadgets.shop
domain: gmartph.shop
domain: gmt-a.shop
domain: grandzxc.bet
domain: guosong.top
domain: haidao10.top
domain: headtechnologies.xyz
domain: healthcareplans.top
domain: heim-k.shop
domain: helperection.top
domain: hilfe-ed.top
domain: hirek.top
domain: howtogetaloan.top
domain: ida-ci.com
domain: islighting.top
domain: iwine.top
domain: izone.digital
domain: jarrettfirm.com
domain: jerseysus.top
domain: jiezishijie.top
domain: jkse.shop
domain: joiner.best
domain: jsmakert.shop
domain: k2bsc.top
domain: kaestner.top
domain: kanshuwang.top
domain: kazumaka.top
domain: kfzversicherungskosten.top
domain: khusinhthaidanphuong.top
domain: kingdomholding.top
domain: krediteonlinevergleichen.top
domain: lang3666.top
domain: langwonet.top
domain: layardrama21.top
domain: lebensversicherungvergleich.top
domain: levciavia.top
domain: linhua97.top
domain: linksoflondononsale.top
domain: linksoflondonsale.top
domain: liruo.top
domain: liveskortv.shop
domain: loanonline.top
domain: loispaigesimenson.com
domain: losartan.top
domain: lovedou.top
domain: lowi1.com
domain: lqsword.top
domain: lx7v9.top
domain: lycosex.top
domain: machine-a-plastifier.com
domain: manwithedhelp.top
domain: marmocer.top
domain: mbpen163.top
domain: medicamentsbonmarche.top
domain: meimei68.top
domain: menjimmychooonline.top
domain: milebox.shop
domain: mindsetgrowth.shop
domain: mm37.icu
domain: monclerjackets.top
domain: morniksell.com
domain: moruk.xyz
domain: motocyclenews.top
domain: moviefone.top
domain: moviesone.top
domain: movtime76.shop
domain: movtime78.shop
domain: musicdownloader.top
domain: my-privatebanker.top
domain: mybeststream.xyz
domain: nackt-bilder.top
domain: nana44.shop
domain: newbalancesport.top
domain: palcomp3.top
domain: parisforrent.top
domain: pasangiklan.top
domain: patekphillipwatches.top
domain: persistancejs.store
domain: pielsteel.top
domain: pomofight.com
domain: port4loms.com
domain: pravaix.top
domain: rag382.top
domain: raineyandrainey.com
domain: rasin.shop
domain: rbbfirm.com
domain: refanprediction.shop
domain: regopramide.top
domain: rmvlawyer.com
domain: rnsddse.top
domain: sales2016.top
domain: sdnews.top
domain: searchgo.shop
domain: searchweb.top
domain: semikeren.icu
domain: signaturepl.com
domain: simvascor.icu
domain: simvascor.top
domain: snapcans.top
domain: sneakermall.top
domain: soap2dayfree.top
domain: socialsignals.shop
domain: socksforrocks.shop
domain: streaming-films.xyz
domain: syavsp5.top
domain: tdsc.top
domain: tiffanyearringforwomen.top
domain: todoarmarios.top
domain: todocalefactores.top
domain: todocarritos.top
domain: travelplace.top
domain: trendings.top
domain: universaltechnology.top
domain: uochut.shop
domain: via345.top
domain: villahome.top
domain: viloriterso.icu
domain: vimsltd.com
domain: viptravelcentres.com
domain: vog168.top
domain: wandan.top
domain: wap9.top
domain: warpdrive.top
domain: watchesbest.top
domain: wavob.top
domain: wdwnp.top
domain: xelesex.top
domain: ydh7.shop
domain: yntz6.shop
domain: youtubevideo.top
domain: yungask.com
domain: yxta.top
domain: yybvf.top
domain: zaheirx.shop
domain: zakachka.top
domain: zerolendnow.top
domain: zt45gg.top
domain: mailum.com
domain: www.brentadams.com
domain: www.cfblaw.com
domain: www.gerlinglaw.com
domain: www.immigration-defense.com
domain: www.schwartzandschwartz.com

Law Firm Sites Hijacked in Suspected Supply-Chain Attack

Severity: medium

Type: malware

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

United Kingdom, Germany, France, Netherlands, Italy, Spain, Belgium

Indicators of Compromise

hash: 08390a5fb95dd1a63585e011885d01e4
hash: 1c19c2e97c5e6b30de69ee684e6e5589
hash: 2bbe998f987858af2756ad72a8df8e4f
hash: 352c6d868b5b01ae99d6a2006a1c6fcb
hash: 38ef725286d584e63c71d3fbab0eaf89
hash: 513d29bcb362c716370990e21c881843
hash: 53179cd9d135d5fa868d3c9c59f59351
hash: 5f024aa8bd4b5eec7abcb33a28c3b2e4
hash: 6186f34c1711a00dc417e47ceb97fb7f
hash: 64f1310f6300870f1c81792733e92e5e
hash: 6766583b498a5dd544548791a5b42da8
hash: 7046504772486b61ceb6cb14f42e8fa1
hash: 8579002d5f31cef7a8d2da0afae1ac29
hash: 87ef82757aba83e7eb63c7c35dbae97a
hash: 8c52e67eeec211199bc11eb330eb03a2
hash: 900f98976449ae4e122683de627c50b7
hash: af735f2b4700aa104f1288b778eeb086
hash: b5d7f8c33c625eb6cee0cfc8136a7ba1
hash: b5ee0be0cae6e5388c82cb1d0894fa4f
hash: b607ac51266ff01890fbd9a5f83f2ce5
hash: b8ae0fb4eebcf3c1d378ff84c97909d6
hash: c45d8f39cad32a206d43f835c4edbfb9
hash: c4f1b50e3111d29774f7525039ff7086
hash: d60980e6066c58706c487f77863a2008
hash: d9d597d1c2b5fb93c5e715aa7aaa3df4
hash: e634763e133b18656cf5cfeea7b11008
hash: ee75b57b9300aab96530503bfae8a2f2
hash: fce17b987f321dce852c8a52116e7eb6
hash: fff302d8d344d74d01904aff9b7ec75a
hash: 020679101727de55cee769375f4332784b788007
hash: 0448ec0d30fc0ee4fca250b81004198e49d8847d
hash: 0cd925d723a13f05f42564dea2e9d2f5ab58a7aa
hash: 0f93a9a00e3d4b36c554d9abfb42fddcc4ce344c
hash: 188fbca265e418831352e36d9a6af8a763428310
hash: 1ef1dac7a649b77758d61bad607d315b3c9a8439
hash: 22d1967c66fdc4155c2369654f32f29321ab8c2c
hash: 2329b477f5eca51bb73e332a11a5f69dfe71ab2f
hash: 3470d0f9dd75bc9b26dd9418af2d29b5bbf21d07
hash: 3498e5123f367ab41abe107887aecdf59393f286
hash: 39cd8e0ec8ce8c4505289323d832af733098351d
hash: 41c02f202b6d8bf745b7435eef44665c84f6ed60
hash: 4fbf867e3c691edc4cadaa7f637b37b727368911
hash: 5734ef7f9e4dba0639c98881e00f03eea35a62ee
hash: 57539c95cba0986ec8df0fcdea433e7c71b724c6
hash: 5bfb2961a5781834439ea1d5b92184729300f325
hash: 6cab7116f3c82193be4620c25934a9451f800ba2
hash: 705218791dc6d4eccd0823a66fcaf3f3c6f42881
hash: 7418c4ddeecba68e253e89622ad9ca45597d9350
hash: 7bfea7d0895c51d56f01b266c5b26c18c8b7678c
hash: 98dd757e1c1fa8b5605bda892aa0b82ebefa1f07
hash: 9be08b5a0844962900e123ddcf3b33c2c084cc91
hash: c672b7d57d6b07ddf0d759556079d6267749fdfd
hash: cd6b672a51a2bf78d89359a49b6a068475958209
hash: cf19189b18e1a9a2c3cbc350769779ba3752575f
hash: e0b62f7ebbcb2beb802082ef1409d27b3e2e0b77
hash: e41a92c8ffb8bdb0ec17c106482a311e03bb0dd4
hash: e9473d711a204a2febebcba79f9b7f0bfdde6871
hash: f059016354e9f48b0db9eac4751d4746e4134492
hash: 06a0a243811e9c4738a9d413597659ca8d07b00f640b74adc9cb351c179b3268
hash: 0e9df9294c36702eee970efcb4a70b6ddb433190ab661273e2e559185c55b6c1
hash: 112bf17e7c0d0695e9229d60f0d2734c6b96d7edfb41ea3e98e518f4fb1ae6e9
hash: 11370e108c8e7a53e52f01df0829c8addb5833145618a7701fbedbb1d837a43d
hash: 15dfe9d443027ba01b8f54f415fd74d373b3a06017db8ef110fb55b33357b190
hash: 16c8b5e10135d168d73a553a4bda51628e5b4fd419c0ecd47ca4cd7aa864ebd5
hash: 18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
hash: 1900ca9b482273df3127e221526023c025808d8fd65769a418fe1f346e7d41e2
hash: 1c389bf1859a00c58b6a97c02fc26c2fe9766c43e06242a94e92b6585b62398b
hash: 21a24922b29742977c4f7e25dd2be056dc02bc5e70c98e32ec3e0c6206f4d9ef
hash: 312a0e4db34a40cb95ba1fac8bf87deb45d0c5f048d38ac65eb060273b07df67
hash: 31804c48f9294c9fa7c165c89e487bfbebeda6daf3244ad30b93122bf933c79c
hash: 31f69d67eca6f3fc837e8d10dff4e2fb6643e33c118cff87df4fee2b183bf0e0
hash: 37e8b57ff4d724053b1917dc6edaca0708d44ceecd00cab7e4cabb336c2868d7
hash: 3ac57bea954ce68dc937f6954ae8a6a19a367a579aeeda7cc93ddd5968fae250
hash: 3ada20fbd80ec7f536db8303a5fa029af741a6914de61376ac8f81ac3ac728fd
hash: 3b5658532bc4058131689c5641def85d7ae25d5b837d3d1aff3af7bb25581f17
hash: 3c499faac4b973c237670f046973691a245ecd735ffebcca3e93337d94b71cde
hash: 3c4b87be8450e3120b7ad2b11ff59850950beb39906dc1636b3ee7b6390f2086
hash: 4732f025a2a69f6c40787854c5da122689702f00f4f423061bb30ab7fa1e98d3
hash: 5381b2a7a77448c4908f5c79d21631f56c88ead0365981cac1dcaafe493c313e
hash: 53e9511401000f61c9d910b92cd6d5a58e38ae541975135944885e53fa91ecb7
hash: 59e7e7698d77531bfbfea4739d29c14e188b5d3109f63881b9bcc87c72e9de78
hash: 5dfbd8cf98ebd4977d4f240dcabd5cd67b936c0095c2d5b9a77896daea877df6
hash: 5eebdb584a1acd6aacc36c59c22ec51bbd077d2dbbe0890b52e62fa6fb9cf784
hash: 5f1bd92ad6edea67762c7101cb810dc28fd861f7b8c62e6459226b7ea54e1428
hash: 5ff742e134e3d17ec7abea435f718e8f5603b95e7984e024b2310ac9ef862ddf
hash: 60ff43424c0ba9dc259ab32405345ef325a4cb4d0baf0c0b0c13f9d3672e99eb
hash: 68c6411cc9afa68047641932530cf7201f17029167d4811375f1458cae32c7bd
hash: 6b2c41b42f75e64d435ba56c2f2b6d79a11b862a2d994487dab3e51e298bc5c9
hash: 6b93b7372941a09f1ea69f8b71c5c4e211ea0f8a24061e702002ca84457bcddd
hash: 6d0857a9c77f9c5f2a5e6921e1cb9f7e1a5d6b947ad63b364d291157d3f840fb
hash: 70f3a6fdbbc5e2ae79c28b48b6478ee3c8ea6f2b705ca9dc9bf8e63a4f6e0c8d
hash: 72baf2ecb0a9df607e54b64c0925ffc6739ab5a8b18900bf5c1930bcc799395d
hash: 748d546c6db44f6aa4bbb8e586d79f56c63fa87580eb19a0f2d5079cbe0952b7
hash: 79040421b5a48dcc6e611dfe187b2f3e355791ad8511adb84f5c0948aa1d6c89
hash: 797ae2dbb2c538710fefe75dbe380b9f55b614cb03c4ae09bb3172e8234dd9d9
hash: 7a73ae8cca6ce6fa88f89d6154811cb453d6e6db9fa8ed5fbdaf8895aae601a5
hash: 7b19538dcf6d4bb84590c458f09c5707c8db53a42861fa56533c49c1a3acd953
hash: 7e3634bfd66e601d7585b237437f11f7d614b33705ba5f7bd75ab176c8250d38
hash: 858dfa529b960c6f6226b53beb55ba1900d3f498ba7be40724ed5c16d7d5a44b
hash: 871e5629d9c8898babf3ed579586e3f5f94a6c4623d3a0a7f9a99bf9d95ffc7b
hash: 8763749fd09245e7fa8c0ee2cc797d5520a9ef5d6846f044a0cd7c969c4bd7d4
hash: 89d839bbdc786c006304f3c6c6939150380aaa9e84d82bc31cdf0cf7609a6243
hash: 8b21fbd40c89763f51d5e06680c0971623500f4724c25958446bac794797057b
hash: 8baebd525324297faf86639266060172ded963767c832a609a991fa92c8463ab
hash: 8d1ed904d90e08048f42cdc9a25c2159f0f8dc4aa9dc01b0207645ea53abe189
hash: 957ab8417606ad41ad31f006d997af3f647dd5215af899551d08b3b472a4bc85
hash: a0332fe0baa316fe793e757f9cf5938b099e97dc4624ead6f3bad8555c8a419b
hash: a1482e62ecc89696a75adea7052c2e98a75c9d37304723abd110d60962bafdb7
hash: a28d0c82a2a37462c2975b5eda7f91e8fc3c2ed50abfe357948ec4faabbd4951
hash: a6637685091835826e62af279cc6c648188797f9edc05a2399a6686349102774
hash: a6f1f68827303e655488c8d54b3be3ce8b1097f3ff374a2e4bc82ff96812781c
hash: abc5b2118bc1d8c82f3726a5e30cf22ae3fa1c572dd3327b281ea6fd97ae9c06
hash: afc45cc0df7f7e481bff45c6f62a6418b6ae4c8b474ec36113e05ab7ca7e2743
hash: b1f91355a8472e364e07f05dc69bbd9c74dc1943e9c4475f46c2b448bb6d6e5d
hash: b2b7218c3f649b9077510aac309357e884c314e0f488abed391415defb249f4c
hash: b6b685fe020c481161060df9dbef0fc205cde479056c18aaeae184daa3f8a9c0
hash: b784301cb2edafea875f779cf24e018f06732561069f6c4c3d86548029671642
hash: ba557bd6b2c1d3297b2c9bd7294e47b9ad9ec6a937cddc879dd563c61a9abcbd
hash: bb451151e52f0868f98e32d26ffa7c2be412b47cd470bf90d3cfe777b4a19f85
hash: bd39f32177dc7a20f5087c5460ebf589035d9051336c69f07a26398f76aec40e
hash: bf37542e9eb7a3b2f51d107e56d7551e6248f06ce18918e3dda2ebe9da1b0e80
hash: bf97c4ff35b5e2c039aa1f1a9a164b7ec4d9339a631c84910b9a4d03b7927b8a
hash: c2ba0018de8dcf0abfb2669cce95ed09377e9a9da7ff8e74e95688c99a025634
hash: c3d797e67edf0dd435808f2f79ff4bfd0cf9177307f4a112b7da09f7dfdd8f2e
hash: c441afb337c4803eed20ae255fbad3cdfac2800475c51e00a55369909efb4c89
hash: cc6ad344d30178e04e49ab16cd43744925676562aded051835fb3f73401f31fa
hash: ceab18331f785d0bf215f551b90f00567e36d339ba8e3ed8e45c0ad410b25808
hash: d02a1eb597c66b602ac7d55095f771345ff5e90905ea12e523df2095030752b6
hash: d6142f48664208710bab9fcab8dfcda66ad75ad756d2ce9c3aa243dcbc29bf4a
hash: d665a8547baf067f2216821ecd4145eab1c75868f024d09140fb265b819d5194
hash: d8d2092e174240d7bac63a9e1c199b442e1cb0f39d7fa32510b1aa7717c3ae38
hash: e24de02415946133176b66017d54a5dcd7270c83f5ef01d79faff4e64d13c63b
hash: e5502722c2bb84876903549445534c47cdaa586a0bb1e5b3a53162d75cc6cb28
hash: e66ae0ac443b5140a1b35b5aaa6899eea296d9d633988eb044a395a34a887431
hash: e92e01977d85f6834f57bd09e29e654b10da798844e4a64470cb22dac78bef93
hash: e9723a2a9ca45787c35b864605a6be71ccf12b2d96dad8e7fc39117f7ba29abb
hash: f28bb7bc5c801d5444ba6816e3a91d5bfaf0307578b7a1529415fc220fd9e9e8
hash: f86b6aa11a276c24dd80db48f43c8a2f0c8df6e5426a7a0fee322c0427421ebb
ip: 185.163.45.130
ip: 185.163.45.16
ip: 185.163.45.30
ip: 185.163.45.41
ip: 185.163.45.61
ip: 185.163.45.73
ip: 185.163.45.87
ip: 185.163.45.97
ip: 185.225.17.74
ip: 185.231.245.158
ip: 194.180.191.121
ip: 194.180.191.168
ip: 194.180.191.17
ip: 194.180.191.171
ip: 194.180.191.18
ip: 194.180.191.189
ip: 194.180.191.209
ip: 194.180.191.51
ip: 217.114.15.253
ip: 23.140.40.66
ip: 45.153.191.245
ip: 46.29.163.28
ip: 5.181.156.234
ip: 5.181.156.244
ip: 5.181.159.112
ip: 5.181.159.139
ip: 5.181.159.140
ip: 5.181.159.142
ip: 5.181.159.143
ip: 5.181.159.29
ip: 5.181.159.38
ip: 5.181.159.60
ip: 5.181.159.62
ip: 5.181.159.9
ip: 5.252.177.120
ip: 5.252.177.15
ip: 5.252.178.123
ip: 5.252.178.23
ip: 5.252.178.35
ip: 89.169.12.48
ip: 89.253.222.156
ip: 89.253.222.25
ip: 94.158.245.104
ip: 94.158.245.111
ip: 94.158.245.115
ip: 94.158.245.118
ip: 94.158.245.13
ip: 94.158.245.131
ip: 94.158.245.135
ip: 94.158.245.137
ip: 94.158.245.140
ip: 94.158.245.153
ip: 94.158.245.170
ip: 94.158.245.174
ip: 94.158.245.56
ip: 94.158.245.63
ip: 94.158.245.66
ip: 94.158.245.81
ip: 95.182.123.86
url: https://joiner.best/work/original.js
url: https://persistancejs.store/work/original.js
url: https://signaturepl.com/work/index.php?abje2LAw
domain: 108zhao.shop
domain: 1sou.top
domain: 6hms.top
domain: 789pettoys.shop
domain: 7serv.top
domain: 99wc.top
domain: abocamuseum.icu
domain: actionmovies.top
domain: alcmz.top
domain: alhasba.com
domain: anoteryo.top
domain: arearugs.top
domain: as5yo.top
domain: ashesplayer.top
domain: avodaride.top
domain: azyaamode.shop
domain: baihao.shop
domain: baihuah.top
domain: bedoueroom.top
domain: bestproductreviews.xyz
domain: bestrollerballpen.top
domain: bianchilawgroup.com
domain: blogdojhow.com
domain: bnpparibas.top
domain: bokra.top
domain: bond007.xyz
domain: boxworld.top
domain: brattonlawgroup.com
domain: brighterdaylaw.com
domain: bstionline.com
domain: buildingjobs.xyz
domain: buscavuelosbaratos.top
domain: buyedmeds.top
domain: buylisinopril.top
domain: celebrex.top
domain: chaojiwang.top
domain: chenyiwen.top
domain: chinapark.top
domain: christianlouboutin2017.top
domain: cialissale.top
domain: cinselurunler.xyz
domain: coinseasygenerator.top
domain: couterfv.top
domain: couturella.shop
domain: covaticonstructioncorp.shop
domain: cozartan.top
domain: cryptohardware.shop
domain: dcdh4.shop
domain: dealermobil.top
domain: defensegroup.com
domain: depechemode.shop
domain: directoryframework.top
domain: discountmontblanc.top
domain: discoveronline.top
domain: doodstream.shop
domain: downloadfreak.top
domain: dwicriminallawcenter.com
domain: erectilehelp.top
domain: filmezz.top
domain: filmlerzltyazilimsx.shop
domain: fisherstonelaw.com
domain: fjs95.shop
domain: fmovies123.top
domain: foolowme.com
domain: forging.top
domain: fragzone.top
domain: franquicias.top
domain: fuckhdmov.top
domain: gededewe.shop
domain: getin.top
domain: glitterygadgets.shop
domain: gmartph.shop
domain: gmt-a.shop
domain: grandzxc.bet
domain: guosong.top
domain: haidao10.top
domain: headtechnologies.xyz
domain: healthcareplans.top
domain: heim-k.shop
domain: helperection.top
domain: hilfe-ed.top
domain: hirek.top
domain: howtogetaloan.top
domain: ida-ci.com
domain: islighting.top
domain: iwine.top
domain: izone.digital
domain: jarrettfirm.com
domain: jerseysus.top
domain: jiezishijie.top
domain: jkse.shop
domain: joiner.best
domain: jsmakert.shop
domain: k2bsc.top
domain: kaestner.top
domain: kanshuwang.top
domain: kazumaka.top
domain: kfzversicherungskosten.top
domain: khusinhthaidanphuong.top
domain: kingdomholding.top
domain: krediteonlinevergleichen.top
domain: lang3666.top
domain: langwonet.top
domain: layardrama21.top
domain: lebensversicherungvergleich.top
domain: levciavia.top
domain: linhua97.top
domain: linksoflondononsale.top
domain: linksoflondonsale.top
domain: liruo.top
domain: liveskortv.shop
domain: loanonline.top
domain: loispaigesimenson.com
domain: losartan.top
domain: lovedou.top
domain: lowi1.com
domain: lqsword.top
domain: lx7v9.top
domain: lycosex.top
domain: machine-a-plastifier.com
domain: manwithedhelp.top
domain: marmocer.top
domain: mbpen163.top
domain: medicamentsbonmarche.top
domain: meimei68.top
domain: menjimmychooonline.top
domain: milebox.shop
domain: mindsetgrowth.shop
domain: mm37.icu
domain: monclerjackets.top
domain: morniksell.com
domain: moruk.xyz
domain: motocyclenews.top
domain: moviefone.top
domain: moviesone.top
domain: movtime76.shop
domain: movtime78.shop
domain: musicdownloader.top
domain: my-privatebanker.top
domain: mybeststream.xyz
domain: nackt-bilder.top
domain: nana44.shop
domain: newbalancesport.top
domain: palcomp3.top
domain: parisforrent.top
domain: pasangiklan.top
domain: patekphillipwatches.top
domain: persistancejs.store
domain: pielsteel.top
domain: pomofight.com
domain: port4loms.com
domain: pravaix.top
domain: rag382.top
domain: raineyandrainey.com
domain: rasin.shop
domain: rbbfirm.com
domain: refanprediction.shop
domain: regopramide.top
domain: rmvlawyer.com
domain: rnsddse.top
domain: sales2016.top
domain: sdnews.top
domain: searchgo.shop
domain: searchweb.top
domain: semikeren.icu
domain: signaturepl.com
domain: simvascor.icu
domain: simvascor.top
domain: snapcans.top
domain: sneakermall.top
domain: soap2dayfree.top
domain: socialsignals.shop
domain: socksforrocks.shop
domain: streaming-films.xyz
domain: syavsp5.top
domain: tdsc.top
domain: tiffanyearringforwomen.top
domain: todoarmarios.top
domain: todocalefactores.top
domain: todocarritos.top
domain: travelplace.top
domain: trendings.top
domain: universaltechnology.top
domain: uochut.shop
domain: via345.top
domain: villahome.top
domain: viloriterso.icu
domain: vimsltd.com
domain: viptravelcentres.com
domain: vog168.top
domain: wandan.top
domain: wap9.top
domain: warpdrive.top
domain: watchesbest.top
domain: wavob.top
domain: wdwnp.top
domain: xelesex.top
domain: ydh7.shop
domain: yntz6.shop
domain: youtubevideo.top
domain: yungask.com
domain: yxta.top
domain: yybvf.top
domain: zaheirx.shop
domain: zakachka.top
domain: zerolendnow.top
domain: zt45gg.top
domain: mailum.com
domain: www.brentadams.com
domain: www.cfblaw.com
domain: www.gerlinglaw.com
domain: www.immigration-defense.com
domain: www.schwartzandschwartz.com

Source: AlienVault OTX General

Published: Wed Feb 18 2026

Law Firm Sites Hijacked in Suspected Supply-Chain Attack

Medium

Published: Wed Feb 18 2026 (02/18/2026, 16:28:06 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 02/18/2026, 19:40:35 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.recordedfuture.com/research/graycharlie-hijacks-law-firm-sites-suspected-supply-chain-attack","https://www.recordedfuture.com/research/media_187b8e348054a7063fd37aec148dfc3337efc5d14.gif?width=1200&format=pjpg&optimize=medium"]
Adversary: GrayCharlie
Pulse Id: 6995e8969f9d1c390db3fa4e
Threat Score: null

Indicators of Compromise

Hash

Value	Description	Copy
hash08390a5fb95dd1a63585e011885d01e4	—
hash1c19c2e97c5e6b30de69ee684e6e5589	—
hash2bbe998f987858af2756ad72a8df8e4f	—
hash352c6d868b5b01ae99d6a2006a1c6fcb	—
hash38ef725286d584e63c71d3fbab0eaf89	—
hash513d29bcb362c716370990e21c881843	—
hash53179cd9d135d5fa868d3c9c59f59351	—
hash5f024aa8bd4b5eec7abcb33a28c3b2e4	—
hash6186f34c1711a00dc417e47ceb97fb7f	—
hash64f1310f6300870f1c81792733e92e5e	—
hash6766583b498a5dd544548791a5b42da8	—
hash7046504772486b61ceb6cb14f42e8fa1	—
hash8579002d5f31cef7a8d2da0afae1ac29	—
hash87ef82757aba83e7eb63c7c35dbae97a	—
hash8c52e67eeec211199bc11eb330eb03a2	—
hash900f98976449ae4e122683de627c50b7	—
hashaf735f2b4700aa104f1288b778eeb086	—
hashb5d7f8c33c625eb6cee0cfc8136a7ba1	—
hashb5ee0be0cae6e5388c82cb1d0894fa4f	—
hashb607ac51266ff01890fbd9a5f83f2ce5	—
hashb8ae0fb4eebcf3c1d378ff84c97909d6	—
hashc45d8f39cad32a206d43f835c4edbfb9	—
hashc4f1b50e3111d29774f7525039ff7086	—
hashd60980e6066c58706c487f77863a2008	—
hashd9d597d1c2b5fb93c5e715aa7aaa3df4	—
hashe634763e133b18656cf5cfeea7b11008	—
hashee75b57b9300aab96530503bfae8a2f2	—
hashfce17b987f321dce852c8a52116e7eb6	—
hashfff302d8d344d74d01904aff9b7ec75a	—
hash020679101727de55cee769375f4332784b788007	—
hash0448ec0d30fc0ee4fca250b81004198e49d8847d	—
hash0cd925d723a13f05f42564dea2e9d2f5ab58a7aa	—
hash0f93a9a00e3d4b36c554d9abfb42fddcc4ce344c	—
hash188fbca265e418831352e36d9a6af8a763428310	—
hash1ef1dac7a649b77758d61bad607d315b3c9a8439	—
hash22d1967c66fdc4155c2369654f32f29321ab8c2c	—
hash2329b477f5eca51bb73e332a11a5f69dfe71ab2f	—
hash3470d0f9dd75bc9b26dd9418af2d29b5bbf21d07	—
hash3498e5123f367ab41abe107887aecdf59393f286	—
hash39cd8e0ec8ce8c4505289323d832af733098351d	—
hash41c02f202b6d8bf745b7435eef44665c84f6ed60	—
hash4fbf867e3c691edc4cadaa7f637b37b727368911	—
hash5734ef7f9e4dba0639c98881e00f03eea35a62ee	—
hash57539c95cba0986ec8df0fcdea433e7c71b724c6	—
hash5bfb2961a5781834439ea1d5b92184729300f325	—
hash6cab7116f3c82193be4620c25934a9451f800ba2	—
hash705218791dc6d4eccd0823a66fcaf3f3c6f42881	—
hash7418c4ddeecba68e253e89622ad9ca45597d9350	—
hash7bfea7d0895c51d56f01b266c5b26c18c8b7678c	—
hash98dd757e1c1fa8b5605bda892aa0b82ebefa1f07	—
hash9be08b5a0844962900e123ddcf3b33c2c084cc91	—
hashc672b7d57d6b07ddf0d759556079d6267749fdfd	—
hashcd6b672a51a2bf78d89359a49b6a068475958209	—
hashcf19189b18e1a9a2c3cbc350769779ba3752575f	—
hashe0b62f7ebbcb2beb802082ef1409d27b3e2e0b77	—
hashe41a92c8ffb8bdb0ec17c106482a311e03bb0dd4	—
hashe9473d711a204a2febebcba79f9b7f0bfdde6871	—
hashf059016354e9f48b0db9eac4751d4746e4134492	—
hash06a0a243811e9c4738a9d413597659ca8d07b00f640b74adc9cb351c179b3268	—
hash0e9df9294c36702eee970efcb4a70b6ddb433190ab661273e2e559185c55b6c1	—
hash112bf17e7c0d0695e9229d60f0d2734c6b96d7edfb41ea3e98e518f4fb1ae6e9	—
hash11370e108c8e7a53e52f01df0829c8addb5833145618a7701fbedbb1d837a43d	—
hash15dfe9d443027ba01b8f54f415fd74d373b3a06017db8ef110fb55b33357b190	—
hash16c8b5e10135d168d73a553a4bda51628e5b4fd419c0ecd47ca4cd7aa864ebd5	—
hash18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d	—
hash1900ca9b482273df3127e221526023c025808d8fd65769a418fe1f346e7d41e2	—
hash1c389bf1859a00c58b6a97c02fc26c2fe9766c43e06242a94e92b6585b62398b	—
hash21a24922b29742977c4f7e25dd2be056dc02bc5e70c98e32ec3e0c6206f4d9ef	—
hash312a0e4db34a40cb95ba1fac8bf87deb45d0c5f048d38ac65eb060273b07df67	—
hash31804c48f9294c9fa7c165c89e487bfbebeda6daf3244ad30b93122bf933c79c	—
hash31f69d67eca6f3fc837e8d10dff4e2fb6643e33c118cff87df4fee2b183bf0e0	—
hash37e8b57ff4d724053b1917dc6edaca0708d44ceecd00cab7e4cabb336c2868d7	—
hash3ac57bea954ce68dc937f6954ae8a6a19a367a579aeeda7cc93ddd5968fae250	—
hash3ada20fbd80ec7f536db8303a5fa029af741a6914de61376ac8f81ac3ac728fd	—
hash3b5658532bc4058131689c5641def85d7ae25d5b837d3d1aff3af7bb25581f17	—
hash3c499faac4b973c237670f046973691a245ecd735ffebcca3e93337d94b71cde	—
hash3c4b87be8450e3120b7ad2b11ff59850950beb39906dc1636b3ee7b6390f2086	—
hash4732f025a2a69f6c40787854c5da122689702f00f4f423061bb30ab7fa1e98d3	—
hash5381b2a7a77448c4908f5c79d21631f56c88ead0365981cac1dcaafe493c313e	—
hash53e9511401000f61c9d910b92cd6d5a58e38ae541975135944885e53fa91ecb7	—
hash59e7e7698d77531bfbfea4739d29c14e188b5d3109f63881b9bcc87c72e9de78	—
hash5dfbd8cf98ebd4977d4f240dcabd5cd67b936c0095c2d5b9a77896daea877df6	—
hash5eebdb584a1acd6aacc36c59c22ec51bbd077d2dbbe0890b52e62fa6fb9cf784	—
hash5f1bd92ad6edea67762c7101cb810dc28fd861f7b8c62e6459226b7ea54e1428	—
hash5ff742e134e3d17ec7abea435f718e8f5603b95e7984e024b2310ac9ef862ddf	—
hash60ff43424c0ba9dc259ab32405345ef325a4cb4d0baf0c0b0c13f9d3672e99eb	—
hash68c6411cc9afa68047641932530cf7201f17029167d4811375f1458cae32c7bd	—
hash6b2c41b42f75e64d435ba56c2f2b6d79a11b862a2d994487dab3e51e298bc5c9	—
hash6b93b7372941a09f1ea69f8b71c5c4e211ea0f8a24061e702002ca84457bcddd	—
hash6d0857a9c77f9c5f2a5e6921e1cb9f7e1a5d6b947ad63b364d291157d3f840fb	—
hash70f3a6fdbbc5e2ae79c28b48b6478ee3c8ea6f2b705ca9dc9bf8e63a4f6e0c8d	—
hash72baf2ecb0a9df607e54b64c0925ffc6739ab5a8b18900bf5c1930bcc799395d	—
hash748d546c6db44f6aa4bbb8e586d79f56c63fa87580eb19a0f2d5079cbe0952b7	—
hash79040421b5a48dcc6e611dfe187b2f3e355791ad8511adb84f5c0948aa1d6c89	—
hash797ae2dbb2c538710fefe75dbe380b9f55b614cb03c4ae09bb3172e8234dd9d9	—
hash7a73ae8cca6ce6fa88f89d6154811cb453d6e6db9fa8ed5fbdaf8895aae601a5	—
hash7b19538dcf6d4bb84590c458f09c5707c8db53a42861fa56533c49c1a3acd953	—
hash7e3634bfd66e601d7585b237437f11f7d614b33705ba5f7bd75ab176c8250d38	—
hash858dfa529b960c6f6226b53beb55ba1900d3f498ba7be40724ed5c16d7d5a44b	—
hash871e5629d9c8898babf3ed579586e3f5f94a6c4623d3a0a7f9a99bf9d95ffc7b	—
hash8763749fd09245e7fa8c0ee2cc797d5520a9ef5d6846f044a0cd7c969c4bd7d4	—
hash89d839bbdc786c006304f3c6c6939150380aaa9e84d82bc31cdf0cf7609a6243	—
hash8b21fbd40c89763f51d5e06680c0971623500f4724c25958446bac794797057b	—
hash8baebd525324297faf86639266060172ded963767c832a609a991fa92c8463ab	—
hash8d1ed904d90e08048f42cdc9a25c2159f0f8dc4aa9dc01b0207645ea53abe189	—
hash957ab8417606ad41ad31f006d997af3f647dd5215af899551d08b3b472a4bc85	—
hasha0332fe0baa316fe793e757f9cf5938b099e97dc4624ead6f3bad8555c8a419b	—
hasha1482e62ecc89696a75adea7052c2e98a75c9d37304723abd110d60962bafdb7	—
hasha28d0c82a2a37462c2975b5eda7f91e8fc3c2ed50abfe357948ec4faabbd4951	—
hasha6637685091835826e62af279cc6c648188797f9edc05a2399a6686349102774	—
hasha6f1f68827303e655488c8d54b3be3ce8b1097f3ff374a2e4bc82ff96812781c	—
hashabc5b2118bc1d8c82f3726a5e30cf22ae3fa1c572dd3327b281ea6fd97ae9c06	—
hashafc45cc0df7f7e481bff45c6f62a6418b6ae4c8b474ec36113e05ab7ca7e2743	—
hashb1f91355a8472e364e07f05dc69bbd9c74dc1943e9c4475f46c2b448bb6d6e5d	—
hashb2b7218c3f649b9077510aac309357e884c314e0f488abed391415defb249f4c	—
hashb6b685fe020c481161060df9dbef0fc205cde479056c18aaeae184daa3f8a9c0	—
hashb784301cb2edafea875f779cf24e018f06732561069f6c4c3d86548029671642	—
hashba557bd6b2c1d3297b2c9bd7294e47b9ad9ec6a937cddc879dd563c61a9abcbd	—
hashbb451151e52f0868f98e32d26ffa7c2be412b47cd470bf90d3cfe777b4a19f85	—
hashbd39f32177dc7a20f5087c5460ebf589035d9051336c69f07a26398f76aec40e	—
hashbf37542e9eb7a3b2f51d107e56d7551e6248f06ce18918e3dda2ebe9da1b0e80	—
hashbf97c4ff35b5e2c039aa1f1a9a164b7ec4d9339a631c84910b9a4d03b7927b8a	—
hashc2ba0018de8dcf0abfb2669cce95ed09377e9a9da7ff8e74e95688c99a025634	—
hashc3d797e67edf0dd435808f2f79ff4bfd0cf9177307f4a112b7da09f7dfdd8f2e	—
hashc441afb337c4803eed20ae255fbad3cdfac2800475c51e00a55369909efb4c89	—
hashcc6ad344d30178e04e49ab16cd43744925676562aded051835fb3f73401f31fa	—
hashceab18331f785d0bf215f551b90f00567e36d339ba8e3ed8e45c0ad410b25808	—
hashd02a1eb597c66b602ac7d55095f771345ff5e90905ea12e523df2095030752b6	—
hashd6142f48664208710bab9fcab8dfcda66ad75ad756d2ce9c3aa243dcbc29bf4a	—
hashd665a8547baf067f2216821ecd4145eab1c75868f024d09140fb265b819d5194	—
hashd8d2092e174240d7bac63a9e1c199b442e1cb0f39d7fa32510b1aa7717c3ae38	—
hashe24de02415946133176b66017d54a5dcd7270c83f5ef01d79faff4e64d13c63b	—
hashe5502722c2bb84876903549445534c47cdaa586a0bb1e5b3a53162d75cc6cb28	—
hashe66ae0ac443b5140a1b35b5aaa6899eea296d9d633988eb044a395a34a887431	—
hashe92e01977d85f6834f57bd09e29e654b10da798844e4a64470cb22dac78bef93	—
hashe9723a2a9ca45787c35b864605a6be71ccf12b2d96dad8e7fc39117f7ba29abb	—
hashf28bb7bc5c801d5444ba6816e3a91d5bfaf0307578b7a1529415fc220fd9e9e8	—
hashf86b6aa11a276c24dd80db48f43c8a2f0c8df6e5426a7a0fee322c0427421ebb	—

Ip

Value	Description	Copy
ip185.163.45.130	—
ip185.163.45.16	—
ip185.163.45.30	—
ip185.163.45.41	—
ip185.163.45.61	—
ip185.163.45.73	—
ip185.163.45.87	—
ip185.163.45.97	—
ip185.225.17.74	—
ip185.231.245.158	—
ip194.180.191.121	—
ip194.180.191.168	—
ip194.180.191.17	—
ip194.180.191.171	—
ip194.180.191.18	—
ip194.180.191.189	—
ip194.180.191.209	—
ip194.180.191.51	—
ip217.114.15.253	—
ip23.140.40.66	—
ip45.153.191.245	—
ip46.29.163.28	—
ip5.181.156.234	—
ip5.181.156.244	—
ip5.181.159.112	—
ip5.181.159.139	—
ip5.181.159.140	—
ip5.181.159.142	—
ip5.181.159.143	—
ip5.181.159.29	—
ip5.181.159.38	—
ip5.181.159.60	—
ip5.181.159.62	—
ip5.181.159.9	—
ip5.252.177.120	—
ip5.252.177.15	—
ip5.252.178.123	—
ip5.252.178.23	—
ip5.252.178.35	—
ip89.169.12.48	—
ip89.253.222.156	—
ip89.253.222.25	—
ip94.158.245.104	—
ip94.158.245.111	—
ip94.158.245.115	—
ip94.158.245.118	—
ip94.158.245.13	—
ip94.158.245.131	—
ip94.158.245.135	—
ip94.158.245.137	—
ip94.158.245.140	—
ip94.158.245.153	—
ip94.158.245.170	—
ip94.158.245.174	—
ip94.158.245.56	—
ip94.158.245.63	—
ip94.158.245.66	—
ip94.158.245.81	—
ip95.182.123.86	—

Url

Value	Description	Copy
urlhttps://joiner.best/work/original.js	—
urlhttps://persistancejs.store/work/original.js	—
urlhttps://signaturepl.com/work/index.php?abje2LAw	—

Domain

Value	Description	Copy
domain108zhao.shop	—
domain1sou.top	—
domain6hms.top	—
domain789pettoys.shop	—
domain7serv.top	—
domain99wc.top	—
domainabocamuseum.icu	—
domainactionmovies.top	—
domainalcmz.top	—
domainalhasba.com	—
domainanoteryo.top	—
domainarearugs.top	—
domainas5yo.top	—
domainashesplayer.top	—
domainavodaride.top	—
domainazyaamode.shop	—
domainbaihao.shop	—
domainbaihuah.top	—
domainbedoueroom.top	—
domainbestproductreviews.xyz	—
domainbestrollerballpen.top	—
domainbianchilawgroup.com	—
domainblogdojhow.com	—
domainbnpparibas.top	—
domainbokra.top	—
domainbond007.xyz	—
domainboxworld.top	—
domainbrattonlawgroup.com	—
domainbrighterdaylaw.com	—
domainbstionline.com	—
domainbuildingjobs.xyz	—
domainbuscavuelosbaratos.top	—
domainbuyedmeds.top	—
domainbuylisinopril.top	—
domaincelebrex.top	—
domainchaojiwang.top	—
domainchenyiwen.top	—
domainchinapark.top	—
domainchristianlouboutin2017.top	—
domaincialissale.top	—
domaincinselurunler.xyz	—
domaincoinseasygenerator.top	—
domaincouterfv.top	—
domaincouturella.shop	—
domaincovaticonstructioncorp.shop	—
domaincozartan.top	—
domaincryptohardware.shop	—
domaindcdh4.shop	—
domaindealermobil.top	—
domaindefensegroup.com	—
domaindepechemode.shop	—
domaindirectoryframework.top	—
domaindiscountmontblanc.top	—
domaindiscoveronline.top	—
domaindoodstream.shop	—
domaindownloadfreak.top	—
domaindwicriminallawcenter.com	—
domainerectilehelp.top	—
domainfilmezz.top	—
domainfilmlerzltyazilimsx.shop	—
domainfisherstonelaw.com	—
domainfjs95.shop	—
domainfmovies123.top	—
domainfoolowme.com	—
domainforging.top	—
domainfragzone.top	—
domainfranquicias.top	—
domainfuckhdmov.top	—
domaingededewe.shop	—
domaingetin.top	—
domainglitterygadgets.shop	—
domaingmartph.shop	—
domaingmt-a.shop	—
domaingrandzxc.bet	—
domainguosong.top	—
domainhaidao10.top	—
domainheadtechnologies.xyz	—
domainhealthcareplans.top	—
domainheim-k.shop	—
domainhelperection.top	—
domainhilfe-ed.top	—
domainhirek.top	—
domainhowtogetaloan.top	—
domainida-ci.com	—
domainislighting.top	—
domainiwine.top	—
domainizone.digital	—
domainjarrettfirm.com	—
domainjerseysus.top	—
domainjiezishijie.top	—
domainjkse.shop	—
domainjoiner.best	—
domainjsmakert.shop	—
domaink2bsc.top	—
domainkaestner.top	—
domainkanshuwang.top	—
domainkazumaka.top	—
domainkfzversicherungskosten.top	—
domainkhusinhthaidanphuong.top	—
domainkingdomholding.top	—
domainkrediteonlinevergleichen.top	—
domainlang3666.top	—
domainlangwonet.top	—
domainlayardrama21.top	—
domainlebensversicherungvergleich.top	—
domainlevciavia.top	—
domainlinhua97.top	—
domainlinksoflondononsale.top	—
domainlinksoflondonsale.top	—
domainliruo.top	—
domainliveskortv.shop	—
domainloanonline.top	—
domainloispaigesimenson.com	—
domainlosartan.top	—
domainlovedou.top	—
domainlowi1.com	—
domainlqsword.top	—
domainlx7v9.top	—
domainlycosex.top	—
domainmachine-a-plastifier.com	—
domainmanwithedhelp.top	—
domainmarmocer.top	—
domainmbpen163.top	—
domainmedicamentsbonmarche.top	—
domainmeimei68.top	—
domainmenjimmychooonline.top	—
domainmilebox.shop	—
domainmindsetgrowth.shop	—
domainmm37.icu	—
domainmonclerjackets.top	—
domainmorniksell.com	—
domainmoruk.xyz	—
domainmotocyclenews.top	—
domainmoviefone.top	—
domainmoviesone.top	—
domainmovtime76.shop	—
domainmovtime78.shop	—
domainmusicdownloader.top	—
domainmy-privatebanker.top	—
domainmybeststream.xyz	—
domainnackt-bilder.top	—
domainnana44.shop	—
domainnewbalancesport.top	—
domainpalcomp3.top	—
domainparisforrent.top	—
domainpasangiklan.top	—
domainpatekphillipwatches.top	—
domainpersistancejs.store	—
domainpielsteel.top	—
domainpomofight.com	—
domainport4loms.com	—
domainpravaix.top	—
domainrag382.top	—
domainraineyandrainey.com	—
domainrasin.shop	—
domainrbbfirm.com	—
domainrefanprediction.shop	—
domainregopramide.top	—
domainrmvlawyer.com	—
domainrnsddse.top	—
domainsales2016.top	—
domainsdnews.top	—
domainsearchgo.shop	—
domainsearchweb.top	—
domainsemikeren.icu	—
domainsignaturepl.com	—
domainsimvascor.icu	—
domainsimvascor.top	—
domainsnapcans.top	—
domainsneakermall.top	—
domainsoap2dayfree.top	—
domainsocialsignals.shop	—
domainsocksforrocks.shop	—
domainstreaming-films.xyz	—
domainsyavsp5.top	—
domaintdsc.top	—
domaintiffanyearringforwomen.top	—
domaintodoarmarios.top	—
domaintodocalefactores.top	—
domaintodocarritos.top	—
domaintravelplace.top	—
domaintrendings.top	—
domainuniversaltechnology.top	—
domainuochut.shop	—
domainvia345.top	—
domainvillahome.top	—
domainviloriterso.icu	—
domainvimsltd.com	—
domainviptravelcentres.com	—
domainvog168.top	—
domainwandan.top	—
domainwap9.top	—
domainwarpdrive.top	—
domainwatchesbest.top	—
domainwavob.top	—
domainwdwnp.top	—
domainxelesex.top	—
domainydh7.shop	—
domainyntz6.shop	—
domainyoutubevideo.top	—
domainyungask.com	—
domainyxta.top	—
domainyybvf.top	—
domainzaheirx.shop	—
domainzakachka.top	—
domainzerolendnow.top	—
domainzt45gg.top	—
domainmailum.com	—
domainwww.brentadams.com	—
domainwww.cfblaw.com	—
domainwww.gerlinglaw.com	—
domainwww.immigration-defense.com	—
domainwww.schwartzandschwartz.com	—

Threat ID: 699612556aea4a407acc7417

Added to database: 2/18/2026, 7:26:13 PM

Last enriched: 2/18/2026, 7:40:35 PM

Last updated: 2/20/2026, 10:59:54 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

MIMICRAT: ClickFix Campaign Delivers Custom RAT via Compromised Legitimate Websites

Medium

CampaignFri Feb 20 2026

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Law Firm Sites Hijacked in Suspected Supply-Chain Attack

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

Law Firm Sites Hijacked in Suspected Supply-Chain Attack

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Ip

Url

Domain

Community Reviews

Related Threats

MIMICRAT: ClickFix Campaign Delivers Custom RAT via Compromised Legitimate Websites

Android threats using GenAI usher in a new era

Maltrail IOC for 2026-02-20

FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025

PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility