ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain thats.theywaytowin.site.

Database Entry


IOC ID: 1780859
IOC: thats.theywaytowin.site
IOC Type: domain
Threat Type: payload_delivery
Malware: DollyWay
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS32475 SINGLEHOP-LLC
Country: US
First seen: 2026-04-04 07:08:51 UTC
Last seen: never
UUID: a3059b7d-2f98-11f1-9af6-42010aa4000a
Reporter: craftknight
Reward: 5 credits from ThreatFox
Tags: campaign-a casino dollyway gambling Keitaro TDS
Reference: https://www.rycerz.xyz/posts/wp-compromise-post-attack-analysis/

craftknight
Keitaro TDS landing domains co-hosted on 216.104.36.158 (AS32475 Internap/SingleHop, Chicago) alongside DollyWay TDS ldunadvexor.shop. All serve casino/gambling affiliate redirects. Fingerprinted as cracked Keitaro TDS v7-9 via Star Wars easter egg header (Expires: Thu, 21 Jul 1977), cookie pattern 00831, PHP/7.0.33. server04.com-2.mobi is a long-running TDS platform (7+ years) with serverNN.com-2.mobi naming pattern suggesting multi-server deployment.