← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
HelloTDS: The Infrastructure Behind FakeCaptcha
WHITE PetrP.73 2025-06-11 Modified: 2025-07-11
897
IOCs
HIGH VOLUME
The analysis of the HelloTDS infrastructure reveals a complex Traffic Direction System (TDS) that facilitates various malware campaigns, including FakeCaptcha, by exploiting vulnerable websites and malvertising techniques. HelloTDS operates through a robust network that utilizes geolocation, IP address, and browser fingerprinting to determine the nature of content delivered to users. It particularly targets users through compromised streaming sites and file-sharing services that have been manipulated to load malicious scripts. The effectiveness of these campaigns lies in their ability to mimic legitimate software platforms, enhancing their stealth and complicating detection efforts.
fakecaptchakey takeawaysnortonavastaviraurlscompromiseiocshellotdshellotds jsonhellotds scriptapatewebblogspot site
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (95 / 897 total)
All CIDR URL domain hostname FileHash-SHA256 FileHash-MD5 FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
URL http://actednow.com/675cb495c39bc481ddf8edd6 2025-06-11
URL http://adelaidavizcaino.com/cpw 2025-06-11
URL http://arcadeclassic.org/?sub1=681978&sub2=0.00037565. 2025-06-11
URL http://avs4u.net/ 2025-06-11
URL http://avs4u.net/?sub1=39388&sub2=...&sub3=id&sub4=677886&sub5=0.0004752 2025-06-11
URL http://buzzflying.shop/6767af2ee2aa535e92d62a64 2025-06-11
URL http://finding-from-internet.fly.storage.tigris.dev/seacrh-result.html 2025-06-11
URL http://finding-from-internet.fly.storage.tigris.dev/seacrh-result.html. 2025-06-11
URL http://goldtera.live/6758b1d6467532a801fa06c4 2025-06-11
URL http://orbito.online/677120fb2cca41d88a7392a2 2025-06-11
URL http://orbito.online/677120fb2cca41d88a7392a2. 2025-06-11
URL http://partage-de-medias.fly.storage.tigris.dev/affiliate-link.html 2025-06-11
URL http://accesso-ai-media.fly.storage.tigris.dev/part/affiliate-link.html 2025-06-11
URL http://accesso-ai-media.fly.storage.tigris.dev/part/referral-links.html 2025-06-11
URL http://accesso-ai-media.fly.storage.tigris.dev/referral-link.html 2025-06-11
URL http://affiliate-tokens.fly.storage.tigris.dev/sub/latest-offers.html 2025-06-11
URL http://best-free-4u.fly.storage.tigris.dev/aff-pro-link.html 2025-06-11
URL http://betcampeao.com/g2 2025-06-11
URL http://betcampeao.com/tsw2 2025-06-11
URL http://better-web-server.fly.storage.tigris.dev/result-found.html 2025-06-11
URL http://buc34.fly.storage.tigris.dev/You-have-to-verify-google-recaptcha-v3-advanced-v3.html 2025-06-11
URL http://buckloadphase.fly.storage.tigris.dev/passstepnextload.html 2025-06-11
URL http://cholridasbkt.fly.storage.tigris.dev/proceed-loading-omplak.html 2025-06-11
URL http://combuktlom.fly.storage.tigris.dev/proceed-to-nextobj.html 2025-06-11
URL http://compatibility-mode.fly.storage.tigris.dev/brings-referral.html 2025-06-11
URL http://exclusive-offers-foryou.fly.storage.tigris.dev/global-discount.html 2025-06-11
URL http://finding-best-of-internet.fly.storage.tigris.dev/found-for-you.html 2025-06-11
URL http://finding-best-of-internet.fly.storage.tigris.dev/from-search-feeds.html 2025-06-11
URL http://finding-result.fly.storage.tigris.dev/response-obtained.html 2025-06-11
URL http://justforyou-discount.fly.storage.tigris.dev/latest.html 2025-06-11
URL http://khaanabkt.fly.storage.tigris.dev/chaayeproceednext.html 2025-06-11
URL http://khaanabkt.fly.storage.tigris.dev/ray-next-page-forward.html 2025-06-11
URL http://lilusha.com/g22 2025-06-11
URL http://marketcapaffiliate.fly.storage.tigris.dev/nigaafall-affiliate-pass.html 2025-06-11
URL http://medi-sharee.fly.storage.tigris.dev/part/affiliate-link.html 2025-06-11
URL http://media-aandeel.fly.storage.tigris.dev/affiliate-link.html 2025-06-11
URL http://media-capability.fly.storage.tigris.dev/You-have-to-verify-google-recaptcha-v3-advanced-v3.html 2025-06-11
URL http://media-capability.fly.storage.tigris.dev/affiliate-link.html 2025-06-11
URL http://media-capability.fly.storage.tigris.dev/garmin-ministoa.html 2025-06-11
URL http://media-serviti.fly.storage.tigris.dev/affiliate-link.html 2025-06-11
URL http://media-share.fly.storage.tigris.dev/affiliate-link.html 2025-06-11
URL http://mediafoxo.fly.storage.tigris.dev/patent/affiliate-link.html 2025-06-11
URL http://mediafoxo.fly.storage.tigris.dev/patent/referral-link.html 2025-06-11
URL http://medium-service.fly.storage.tigris.dev/affiliate-link.html 2025-06-11
URL http://meilleur-partage-media.fly.storage.tigris.dev/affiliate-links.html 2025-06-11
URL http://porkoloa.fly.storage.tigris.dev/porkonla-portak.html 2025-06-11
URL http://porkoloa.fly.storage.tigris.dev/toprok-lamano.html 2025-06-11
URL http://rasalbkt.fly.storage.tigris.dev/surfaceload-proceeding.html 2025-06-11
URL http://readability.fly.storage.tigris.dev/patent/garmin-ministoa.html 2025-06-11
URL http://readability.fly.storage.tigris.dev/patent/referral-link.html 2025-06-11
URL http://reference-links.fly.storage.tigris.dev/global-discount.html 2025-06-11
URL http://roaminghere.fly.storage.tigris.dev/passinggateforward.html 2025-06-11
URL http://searching-internet.fly.storage.tigris.dev/result-found.html 2025-06-11
URL http://secloakbkt.fly.storage.tigris.dev/chadri-salkovam.html 2025-06-11
URL http://secloakbkt.fly.storage.tigris.dev/coco-haxrokana.html 2025-06-11
URL http://secloakbkt.fly.storage.tigris.dev/ranjhanr-portak.html 2025-06-11
URL http://secloakbkt.fly.storage.tigris.dev/soplaportak.html 2025-06-11
URL http://served-to-you.fly.storage.tigris.dev/result-found.html 2025-06-11
URL http://serving-the-best.fly.storage.tigris.dev/result-found.html 2025-06-11
URL http://slicingaffiliate.fly.storage.tigris.dev/linkaffiliate-proceedingnext.html 2025-06-11
URL http://surfing-internet.fly.storage.tigris.dev/result-found.html 2025-06-11
URL http://web-surfing.fly.storage.tigris.dev/from-search-feeds.html 2025-06-11
URL http://web-surfing.fly.storage.tigris.dev/from-searches.html 2025-06-11
URL http://adatics.com/67e9d695bb90d3488d4417e6 2025-06-11
URL http://adruvia.com/6759f49e6272fabc9f5b5929 2025-06-11
URL http://allfree4u.org/ 2025-06-11
URL http://allshareware.com/67ec4f6ea2054cc6763cf0b9 2025-06-11
URL http://bestfree4u.com/ 2025-06-11
URL http://boostcoves.com/675a035d9dc953769e737b04 2025-06-11
URL http://clicksechoes.com/6776c95e864f24c40b4133b0 2025-06-11
URL http://crimsondew.com/67d3a5346dd49aa6ee1b7ec8 2025-06-11
URL http://fantasiazoon.com/6756cf0c4d0f7f006f4d2766 2025-06-11
URL http://ferrypier.online/ 2025-06-11
URL http://festfive.online/6756cf0c4d0f7f006f4d2766 2025-06-11
URL http://flexingpowe.info/67c47e18eeca6cb22409848f 2025-06-11
URL http://getsofyt.info/67b43436d3fe1f4e1c5fb806 2025-06-11
URL http://kavivio.com/67786e924040fb237df1dd77 2025-06-11
URL http://kryonova.com/67d7eea8a5d5cd7993a15f38 2025-06-11
URL http://litteracywing.pro/677e9bbe85a073d97bc8d9fd 2025-06-11
URL http://mishticalstudio.xyz/ 2025-06-11
URL http://mixedverticland.shop/ 2025-06-11
URL http://nestveda.live/67e4ce6b4695699d123f9520 2025-06-11
URL http://newestgames.net/ 2025-06-11
URL http://playinfinite.org/ 2025-06-11
URL http://promoforge360.com/677338831a75f0bbdd7730cd 2025-06-11
URL http://rockyrock.live/6769dc747dc30547c31795d9 2025-06-11
URL http://rodenovist.shop/67ac789ebbf666b3a62a7d69 2025-06-11
URL http://studiospoke.shop/ 2025-06-11
URL http://suzaux.shop/67af85b14eda11b40e68bb8d 2025-06-11
URL http://tremista.com/6769cc47e2aa535e92039842 2025-06-11
URL http://tremista.com/6769cd80e2aa535e9203b065 2025-06-11
URL http://voxen.online/677120fb2cca41d88a7392a2 2025-06-11
URL http://whimsicalfig.com/677872e4864f24c40b7212c2 2025-06-11
URL http://winepinelo.shop/6767af2ee2aa535e92d62a64 2025-06-11
URL http://worldforapps.com/67ec4f6ea2054cc6763cf0b9 2025-06-11
References (2)
↗ https://www.gendigital.com/blog/insights/research/inside-hellotds-malware-network ↗ https://github.com/avast/ioc/tree/master/HelloTDS