ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain ua-chrome.net.

Database Entry


IOC ID:1851226
IOC: ua-chrome.net
IOC Type :domain
Threat Type :payload_delivery
Malware: Unknown malware
Confidence Level : Confidence level is moderate (60%)
Is compromised? : True
First seen:2026-07-15 17:22:50 UTC
Last seen:never
UUID:47ea3fd5-8071-11f1-97fa-42010aa4000a
Reporter DENNISAROSS
Reward 5 credits from ThreatFox
Tags:aitm bulletproof-hosting chrome-themed fiord-networks kali365 operator-history phishing

Avatar
DENNISAROSS
Chrome-impersonating phishing/malware distribution domain. Earliest phase of the same operator's infrastructure chain that later hosted teamslinkintegrate.com/tlinkintegrations.eu and now lite.privatetoken.app (Kali365 panel). Timeline: 2024-07 to 2025-01 on 46.8.238.149 (AS28917 Fiord Networks, Moscow RU -- bulletproof/abuse-tolerant hosting); 2025-01-29 to 2025-07-05 on 72.5.43.195 (AS399629 BL Networks, Bucharest RO); 2025-07-05 onward on 75.2.18.233 (AWS Global Accelerator). Full subdomain topology: api. / admin. / app. / dev. / assets. plus randomised per-victim UUID subdomains (e.g. 7382de34-c15b-4bbc-9a8d-01020327c3cd.ua-chrome.net) consistent with per-target AiTM campaign link generation. Nameservers ns1/ns2.dyna-ns.net throughout. Attribution via shared origin infrastructure with current Kali365 panel.