ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain sfr-webmail.com.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1778766
IOC: sfr-webmail.com
IOC Type :domain
Threat Type :botnet_cc
Malware: Evilginx
Confidence Level : Confidence level is high (90%)
Is compromised? : False
ASN:AS210558 services-1337-gmbh
Country:- DE
First seen:2026-03-30 06:21:14 UTC
Last seen:never
UUID:a5a99997-2bbc-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox

Avatar
Lenny_3BO
Evilginx AiTM phishing domains. Operator uses 194.26.192.248 and 2.58.56.98 (AS210558 1337 Services). Targets French SFR telecom users, MACIF insurance customers, and M365 enterprise accounts (Dot Foods, UL Group). Express/Node.js + nginx.