Pulse Detail — Threat Intelligence

PULSE NAME

Host Long and Prosper: Uncovering Crypto Exchange Phishing Infrastructure via Prospero Networks.

WHITE PetrP.73 2025-06-23 Modified: 2025-07-23

287

IOCs

HIGH VOLUME

A detailed threat hunting investigation into Prospero Networks (AS 200593) reveals a large-scale cryptocurrency exchange impersonation campaign. The analysis identifies over 200 malicious indicators across multiple ASNs, including fake crypto exchanges using names like "Yukitale" and "cryptavex." The research demonstrates advanced hunting techniques using DNS data and header analysis to uncover fresh, unreported infrastructure hosting phishing sites targeting crypto users, banking customers, and streaming services. The campaign spans multiple themes including cryptocurrency, Netflix/streaming, banking, and logistics phishing, with evidence suggesting coordination by Ukrainian threat actors.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1496

MALWARE FAMILIES

Prospero

Indicators of Compromise (287)

All CIDR FileHash-MD5 domain URL hostname FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
CIDR	91.202.233.0/24	—	2025-06-23
CIDR	91.215.85.0/24	—	2025-06-23
FileHash-MD5	55e090957d46b51d03547dba1763cdf0	—	2025-06-23
domain	neifiixapp.com	—	2025-06-23
domain	sweedbank-help.com	—	2025-06-23
domain	transport-mondiairelay.com	—	2025-06-23
domain	trusted-fastbtc.top	—	2025-06-23
domain	afralleker.com	—	2025-06-23
domain	corgapredy.com	—	2025-06-23
domain	craumictok.com	—	2025-06-23
domain	custoposae.com	—	2025-06-23
domain	exticilleo.com	—	2025-06-23
domain	infos-lieferung.com	—	2025-06-23
domain	infos-lieferung.de	—	2025-06-23
domain	infos-versand.de	—	2025-06-23
domain	izolerieny.com	—	2025-06-23
domain	lieferung-infos.de	—	2025-06-23
domain	mardonlemy.com	—	2025-06-23
domain	melernelmo.com	—	2025-06-23
domain	ponasmanez.com	—	2025-06-23
domain	private-lieferung.de	—	2025-06-23
domain	rublerpath.com	—	2025-06-23
domain	solibiorti.com	—	2025-06-23
domain	sorerifiao.com	—	2025-06-23
domain	upsworldversand.com	—	2025-06-23
domain	vaitistipt.com	—	2025-06-23
domain	xenpuranal.com	—	2025-06-23
domain	yatraldiso.com	—	2025-06-23
URL	http://upsworldversand.com/	—	2025-06-23
URL	https://lieferung-infos.de/pages/	—	2025-06-23
URL	https://lieferung-infos.de/pages/index.php	—	2025-06-23
URL	https://upsworldversand.com/	—	2025-06-23
hostname	ad.vicdesmidt.com	—	2025-06-23
domain	amande-paiement.info	—	2025-06-23
domain	apuanetflx.com	—	2025-06-23
domain	b-pickup.com	—	2025-06-23
domain	clientflixapp-fr.com	—	2025-06-23
domain	contestation-operation.com	—	2025-06-23
domain	contestation-paiement.com	—	2025-06-23
domain	contestation-paiements.com	—	2025-06-23
domain	contester-une-operation.com	—	2025-06-23
domain	direction-opposition.com	—	2025-06-23
domain	disneypiusteam.com	—	2025-06-23
domain	disneyplusteam.info	—	2025-06-23
hostname	elastic-ganguly.91-202-233-132.plesk.page	—	2025-06-23
domain	espaceclientservices.com	—	2025-06-23
domain	fraude-dossier.com	—	2025-06-23
domain	helpmembership.com	—	2025-06-23
domain	int-ntflx.mobi	—	2025-06-23
domain	moncompte-securise.com	—	2025-06-23
hostname	ns1.angry-visvesvaraya.91-202-233-132.plesk.page	—	2025-06-23
domain	plesk.page	—	2025-06-23
domain	seguridad-asistencia.com	—	2025-06-23
domain	service-exodus.info	—	2025-06-23
domain	sledenjepaket.com	—	2025-06-23
domain	tukinetflx.com	—	2025-06-23
domain	vicdesmidt.com	—	2025-06-23
domain	zed-af.com	—	2025-06-23
URL	http://ad.vicdesmidt.com	—	2025-06-23
URL	http://contestation-operation.com/	—	2025-06-23
URL	http://disneypiusteam.com	—	2025-06-23
URL	http://fraude-dossier.com/	—	2025-06-23
URL	http://int-ntflx.mobi/	—	2025-06-23
URL	http://ns1.angry-visvesvaraya.91-202-233-132.plesk.page/	—	2025-06-23
URL	http://tukinetflx.com/	—	2025-06-23
URL	https://ad.vicdesmidt.com	—	2025-06-23
URL	https://ad.vicdesmidt.com/	—	2025-06-23
URL	https://ad.vicdesmidt.com/captcha/	—	2025-06-23
URL	https://ad.vicdesmidt.com/captcha/calcul_captcha.php	—	2025-06-23
URL	https://apuanetflx.com/	—	2025-06-23
URL	https://b-pickup.com/	—	2025-06-23
URL	https://disneypiusteam.com	—	2025-06-23
URL	https://elastic-ganguly.91-202-233-132.plesk.page/login_up.php	—	2025-06-23
URL	https://int-ntflx.mobi/	—	2025-06-23
URL	https://sledenjepaket.com/	—	2025-06-23
URL	https://tukinetflx.com/	—	2025-06-23
domain	choisirmondialrelay-fr.com	—	2025-06-23
domain	trafftrakkersers24.com	—	2025-06-23
domain	trafftrakkersers24.online	—	2025-06-23
domain	xn--ecolb-0qa.com	—	2025-06-23
domain	dhlexpress-lieferung.net	—	2025-06-23
domain	konto-blokering.com	—	2025-06-23
domain	konto-zahlung.com	—	2025-06-23
domain	levering-ekspedition.network	—	2025-06-23
domain	meinkonto-hilfe.net	—	2025-06-23
domain	parcel-delivery.net	—	2025-06-23
domain	pochta-ru.com	—	2025-06-23
domain	regularisierung-konto.com	—	2025-06-23
domain	regularisierung-konto.net	—	2025-06-23
domain	swedbank-account.com	—	2025-06-23
domain	swedbank-help.com	—	2025-06-23
URL	http://dhlexpress-lieferung.net/	—	2025-06-23
URL	http://meinkonto-hilfe.net/	—	2025-06-23
URL	http://regularisierung-konto.net/	—	2025-06-23
URL	http://swedbank-help.com/	—	2025-06-23
URL	https://dhlexpress-lieferung.net/	—	2025-06-23
URL	https://swedbank-help.com/	—	2025-06-23
URL	https://sweedbank-help.com/	—	2025-06-23
FileHash-SHA256	d9c26aa6271c9922c06d1c88b8e2211dd25b0d398b92e899c312a0522bf44424	—	2025-06-23
domain	abonatzo.com	—	2025-06-23
domain	ai-lummen5.com	—	2025-06-23
domain	atsisiusti-cia.net	—	2025-06-23
domain	birsagomat.com	—	2025-06-23
domain	izoteros.com	—	2025-06-23
hostname	lv.p-a-s-t-s.com	—	2025-06-23
domain	malwarebytesvpn.biz	—	2025-06-23
hostname	mijn.vervolgups.com	—	2025-06-23
hostname	my.parcel-ups.net	—	2025-06-23
domain	mynetfiix-renewhu.com	—	2025-06-23
domain	nordvpn.world	—	2025-06-23
domain	p-a-s-t-s.com	—	2025-06-23
domain	parcel-ups.net	—	2025-06-23
domain	parcelara.com	—	2025-06-23
domain	salesforces.top	—	2025-06-23
domain	smalwarebytes.com	—	2025-06-23
domain	sncvizasqp.com	—	2025-06-23
domain	sptifysub.com	—	2025-06-23
domain	subscriptionapp.info	—	2025-06-23
domain	support-renewco.com	—	2025-06-23
domain	u-p-s.delivery	—	2025-06-23
domain	vervolgups.com	—	2025-06-23
domain	vicdemsal.com	—	2025-06-23
domain	vodsubscribe.info	—	2025-06-23
domain	winrarz.com	—	2025-06-23
URL	http://91.202.233.145/elite.sh	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.arm	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.arm5	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.arm6	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.arm7	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.m68k	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.mips	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.mpsl	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.sh4	—	2025-06-23
URL	http://91.202.233.145/elitebotnet.x86	—	2025-06-23
URL	http://abonatzo.com/	—	2025-06-23
URL	http://my.parcel-ups.net/	—	2025-06-23
URL	http://mynetfiix-renewhu.com/	—	2025-06-23
URL	http://support-renewco.com/	—	2025-06-23
URL	https://lv.p-a-s-t-s.com/	—	2025-06-23
URL	https://subscriptionapp.info/	—	2025-06-23
URL	http://cnv.icu	—	2025-06-23
URL	http://cvd.icu	—	2025-06-23
URL	http://cvd.icu/	—	2025-06-23
URL	http://cvn.icu	—	2025-06-23
URL	http://dcv.icu	—	2025-06-23
URL	http://ndn.icu	—	2025-06-23
URL	http://ndn.icu/	—	2025-06-23
URL	http://nnv.icu	—	2025-06-23
URL	http://vcn.icu	—	2025-06-23
URL	https://cnv.icu	—	2025-06-23
URL	https://cvd.icu	—	2025-06-23
URL	https://cvn.icu	—	2025-06-23
URL	https://dcv.icu	—	2025-06-23
URL	https://ndn.icu	—	2025-06-23
URL	https://ndn.icu/	—	2025-06-23
URL	https://nnv.icu	—	2025-06-23
URL	https://vcn.icu	—	2025-06-23
domain	0x000-claimables.xyz	—	2025-06-23
domain	authentification-particuliers-cryptocurrencies.xyz	—	2025-06-23
domain	claimables-eligible.com	—	2025-06-23
domain	claimables-redirect.info	—	2025-06-23
domain	compass-gal.com	—	2025-06-23
domain	compass-gal.xyz	—	2025-06-23
domain	povyoudevwithgptlol.com	—	2025-06-23
domain	toronto-cityinfraction.info	—	2025-06-23
domain	toronto-cityinfractions.info	—	2025-06-23
domain	toronto-parkinginfractions.info	—	2025-06-23
domain	zen-redirection-001.com	—	2025-06-23
URL	https://authentification-particuliers-cryptocurrencies.xyz/	—	2025-06-23
domain	active-bnp.com	—	2025-06-23
domain	assistances-bnp.com	—	2025-06-23
hostname	awesome-lamarr.91-202-233-155.plesk.page	—	2025-06-23
domain	cles-bnp.com	—	2025-06-23
domain	formulaire-bnp.com	—	2025-06-23
domain	notifs-bnp.com	—	2025-06-23
domain	cloudcdnslack.com	—	2025-06-23
domain	disineypinnacle.net	—	2025-06-23
domain	offers-marketplace.net	—	2025-06-23
domain	wiresapplication.com	—	2025-06-23
domain	2fa-royalbank.com	—	2025-06-23
domain	auth-rbc.com	—	2025-06-23
domain	controlfinsecur.top	—	2025-06-23
domain	distrib-iivraison.com	—	2025-06-23
domain	fast-pay-btc.top	—	2025-06-23
domain	getproject-bit-mine.top	—	2025-06-23
domain	gytapoebuo.top	—	2025-06-23
domain	info-mondiairelay.com	—	2025-06-23
domain	mondiairelay-distribution.com	—	2025-06-23
domain	mondiairelay-france.com	—	2025-06-23
domain	mondiairelay-transport.com	—	2025-06-23
domain	online-btcpro.top	—	2025-06-23
domain	payment-profminer.top	—	2025-06-23
domain	pays-mbit-fast.top	—	2025-06-23
domain	tdauthenticate.com	—	2025-06-23
domain	varilusa-info.com	—	2025-06-23
URL	http://controlfinsecur.top/pay.php	—	2025-06-23
URL	http://gytapoebuo.top/pay.php	—	2025-06-23
URL	https://getproject-bit-mine.top/pay.php	—	2025-06-23
URL	https://info-mondiairelay.com/pac/calcul.php	—	2025-06-23
URL	https://mondiairelay-france.com/	—	2025-06-23
URL	https://mondiairelay-france.com/pac/calcul.php	—	2025-06-23
URL	https://pays-mbit-fast.top/payfrom/a413a4/c4x2/844354/	—	2025-06-23
domain	feegocox.com	—	2025-06-23
domain	audius.media	—	2025-06-23
domain	galxecompass.com	—	2025-06-23
domain	mymergeactportal.online	—	2025-06-23
domain	adeudos-jalisco.com	—	2025-06-23
domain	deliverypro-eu.com	—	2025-06-23
domain	facturacion-es.com	—	2025-06-23
domain	myflix-infos.com	—	2025-06-23
domain	mynetflx-infos.com	—	2025-06-23
domain	myposta-service.com	—	2025-06-23
domain	myposta-sk.com	—	2025-06-23
domain	posta-pe.com	—	2025-06-23
domain	posta-service.com	—	2025-06-23
domain	posta-services.com	—	2025-06-23
domain	postabg-fast.com	—	2025-06-23
domain	postask-serv.com	—	2025-06-23
domain	postask-service.com	—	2025-06-23
domain	raiffeisen-register.com	—	2025-06-23
domain	register-flix.com	—	2025-06-23
domain	registers-flix.com	—	2025-06-23
domain	registrenflix-info.com	—	2025-06-23
domain	skposta-fast.com	—	2025-06-23
domain	subscription-flix.com	—	2025-06-23
domain	subscriptions-eu.com	—	2025-06-23
domain	subscriptions-sa.com	—	2025-06-23
domain	subscriptions-service.com	—	2025-06-23
domain	thailandpostfast.com	—	2025-06-23
domain	upservice-eu.com	—	2025-06-23
domain	upservice-pro.com	—	2025-06-23
domain	upservice-sav.com	—	2025-06-23
URL	http://deliverypro-eu.com	—	2025-06-23
URL	http://deliverypro-eu.com/	—	2025-06-23
URL	http://postask-service.com/	—	2025-06-23
URL	http://subscriptions-eu.com/	—	2025-06-23
URL	http://upservice-eu.com	—	2025-06-23
URL	http://upservice-pro.com	—	2025-06-23
URL	http://upservice-pro.com/	—	2025-06-23
URL	http://upservice-sav.com/	—	2025-06-23
URL	http://www.subscriptions-eu.com/	—	2025-06-23
URL	https://deliverypro-eu.com	—	2025-06-23
URL	https://facturacion-es.com/	—	2025-06-23
URL	https://mynetflx-infos.com	—	2025-06-23
URL	https://myposta-service.com/	—	2025-06-23
URL	https://postask-service.com/	—	2025-06-23
URL	https://registrenflix-info.com/	—	2025-06-23
URL	https://subscriptions-sa.com/	—	2025-06-23
URL	https://thailandpostfast.com/	—	2025-06-23
URL	https://upservice-pro.com	—	2025-06-23
domain	app-soniclabs.xyz	—	2025-06-23
domain	axon-reward.org	—	2025-06-23
domain	consigneservices.com	—	2025-06-23
domain	event-sonicslabs.com	—	2025-06-23
domain	events-aave.org	—	2025-06-23
domain	events-pinlink.com	—	2025-06-23
domain	faucet-story.foundation	—	2025-06-23
domain	finance-sonicslabs.org	—	2025-06-23
domain	l2allocate.xyz	—	2025-06-23
domain	l2allocates.xyz	—	2025-06-23
domain	morphwares-events.com	—	2025-06-23
domain	morphwares-events.net	—	2025-06-23
domain	morphwares-events.org	—	2025-06-23
domain	morphwares-votes.net	—	2025-06-23
domain	morphwares-votes.org	—	2025-06-23
domain	proposals-sekoia.org	—	2025-06-23
domain	register-blst.cfd	—	2025-06-23
domain	reward-chainpal.net	—	2025-06-23
domain	reward-strawberry.net	—	2025-06-23
domain	rewards-strawberry.net	—	2025-06-23
domain	rewards-strawberry.xyz	—	2025-06-23
domain	rewards-strawberrys.org	—	2025-06-23
domain	rewards-treasuredao.net	—	2025-06-23
domain	rewards-treasuredao.xyz	—	2025-06-23
domain	vote-paal.com	—	2025-06-23
domain	votes-enq.com	—	2025-06-23
domain	xmw-votes.xyz	—	2025-06-23
URL	http://event-sonicslabs.com/	—	2025-06-23
URL	http://events-aave.org/	—	2025-06-23
URL	http://events-pinlink.com/	—	2025-06-23
URL	http://finance-sonicslabs.org/	—	2025-06-23
URL	http://morphwares-events.com	—	2025-06-23
URL	http://morphwares-votes.org	—	2025-06-23
URL	http://rewards-strawberry.net	—	2025-06-23
URL	https://consigneservices.com/suivi/26550	—	2025-06-23
hostname	ww25.infos-lieferung.de	—	2025-06-23
URL	https://ww25.infos-lieferung.de/	—	2025-06-23

References (1)

↗ https://open.substack.com/pub/intelinsights/p/host-long-and-prosper?utm_source=share&utm_medium=android&r=5l6xoe