ThreatFox IOC Database
You are viewing the ThreatFox database entry for url https://rentuas.icu/.
Database Entry
| IOC ID: | 1805468 |
|---|---|
| IOC: | https://rentuas.icu/ |
| IOC Type : | url |
| Threat Type : | payload_delivery |
| Malware: | Lumma Stealer |
| Malware alias: | LummaC2 Stealer |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | True |
| ASN: | AS13335 CLOUDFLARENET |
| Country: |  US |
| First seen: | 2026-05-04 06:20:43 UTC |
| Last seen: | never |
| UUID: | 774c2d77-472f-11f1-8759-42010aa4000a |
| Reporter | Anonymous |
| Reward | 5 credits from ThreatFox |
| Tags: | c2 DLL-sideloading infostealer Lumma LummaC2 renengine |
| Reference: | https://tria.ge/260503-ydlz9abv8r/behavioral1 |
Anonymous
Threat: LummaC2 (Infostealer) C2 GateEvidence:
Analysis (Triage ID: 260503-ydlz9abv8r) identifies this domain as active Command & Control infrastructure. The malware loader (N9tx1dcqw.exe) uses this host for data exfiltration.
Indicator: HTTP POST exfiltration of credentials/cookies.
https://tria.ge/260503-ydlz9abv8r/behavioral1