ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain camel-milk.eu.

Database Entry


IOC ID: 1780890
IOC: camel-milk.eu
IOC Type: domain
Threat Type: payload_delivery
Malware: DollyWay
Confidence Level: Elevated (70%)
Is compromised?: False
ASN: AS216071 VDSINA
Country: AE
First seen: 2026-04-04 07:08:32 UTC
Last seen: never
UUID: bfa67439-2fa3-11f1-9af6-42010aa4000a
Reporter: craftknight
Reward: 5 credits from ThreatFox
Tags: campaign-a, co-hosted, dollyway, payload-staging
Reference: https://www.rycerz.xyz/posts/wp-compromise-post-attack-analysis/

craftknight
Domain co-hosted on DollyWay payload staging server 195.2.93.44 (AS216071 SERVERS TECH FZCO, Amsterdam, vdsina.ru). SSL cert CN for this IP — Let's Encrypt cert renewing every ~60 days since 2025-07-02 (8 months continuous presence). march03252.com (/readme PHP dropper) shares same server. /readme returns 404 on this domain — separate nginx vhost. May be compromised legitimate site or attacker cover domain.