ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain momsdodigital.com.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1834914
IOC: momsdodigital.com
IOC Type :domain
Threat Type :payload_delivery
Malware: NetSupportManager RAT
Malware alias:NetSupport
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS53755 IOFLOOD
Country:- US
First seen:2026-06-21 18:27:30 UTC
Last seen:never
UUID:1efa20fa-6d95-11f1-9258-42010aa4000a
Reporter Justice_Hammer
Reward 5 credits from ThreatFox
Tags:central-hub ClickFix clickfix-hub evalusion merry-florist NetSupport unc2190 wordpress-compromise

Avatar
Justice_Hammer
Central ClickFix hub for ~300-site EVALUSION/UNC2190 MerryFlorist delivery network. Compromised WP site repurposed as relay (192.110.160.67). Honeypot URL present; 391 telemetry callbacks from compromised delivery sites. Builder demo tokens GOO-FAB / 61Z-PAB. EVALUSION/UNC2190 cluster attribution (medium confidence). Shared RADIUSSecret + cracked licensee DCVTTTUUEEW23 + infra co-location. Caveat: cracked-toolkit artifacts; cluster-level selectivity only. No country attributed.