ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain educationcaster.monster.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1815423
IOC: educationcaster.monster
IOC Type :domain
Threat Type :payload_delivery
Malware: Lumar
Malware alias:PovertyStealer
Confidence Level : Confidence level is high (100%)
Is compromised? : False
First seen:2026-05-17 05:51:49 UTC
Last seen:never
UUID:d84c9afe-516e-11f1-b930-42010aa4000a
Reporter elemi
Reward 5 credits from ThreatFox
Tags:ClickFix Fake-Captcha infostealer powershell stealer

Avatar
elemi
ClickFix / Fake reCAPTCHA campaign distributing Lumma Stealer.
Compromised WordPress site redirects to fake CAPTCHA page
(opaqueshellsoftsmoke.click). User is prompted to run a PowerShell
command that downloads a PE payload from dudadelira.monster/api/index.php.
C2 hosted on AS214927 (PSB HOSTING LTD, Spamhaus ASN-DROP).
TLS cert issued 2026-05-15. Token: feb6e64f1a170eb20e14ed74fce647c217dc8cbd495eab005422b442a1b49fb1