ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain sh.azurestaticprovider.net.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1814520
IOC: sh.azurestaticprovider.net
IOC Type :domain
Threat Type :botnet_cc
Malware: Shai-Hulud
Confidence Level : Confidence level is moderate (49%)
Is compromised? : False
ASN:AS43641 Sollutium-NL
Country:- PL
First seen:2026-05-15 13:46:28 UTC
Last seen:never
UUID:4463a544-5042-11f1-b930-42010aa4000a
Reporter johannes
Reward 5 credits from ThreatFox
Reference: https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack

Avatar
johannes
domain typosquatting Azure \-- NOT a Microsoft domain Mimics and in logs, from the Step Security report "Active Supply Chain Attack: Malicious node-ipc Versions Published to npm". See all IOC from that report at https://rosti.dev/reports/ddg4zGb8