Pulse Detail — Threat Intelligence

PULSE NAME

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation

WHITE PetrP.73 2026-03-11 Modified: 2026-04-10

166

IOCs

HIGH VOLUME

The following in-depth analysis of the most commonly-used CAPTCHA - the code used to secure the registration of a person using a password - has been published: (AS 202412).

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1583.001 T1584.006 T1587 T1588.001 T1608.001 T1608.004 T1189 T1059.001 T1140 T1027.002 T1055 T1497.001 T1497.003 T1555 T1539 T1552 T1071.001 T1132.002 T1573.001 T1104 T1095 T1571 T1102.001 T1041

Indicators of Compromise (166)

All URL domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://obf-io.deobfuscate.io/	—	2026-03-11
URL	http://94.154.35.115/user_profiles_photo/cptch.bin	—	2026-03-11
URL	http://alianzeg.shop/jsrepo?rnd='	—	2026-03-11
URL	http://beta-charts.org/	—	2026-03-11
URL	http://captiort.shop/	—	2026-03-11
URL	http://captiorweb.com/	—	2026-03-11
URL	http://captiorweb.com/captcha.html	—	2026-03-11
URL	http://captioto.com/?ref=addvera.eu	—	2026-03-11
URL	http://captioto.com/?ref=dakarailarriett.com	—	2026-03-11
URL	http://captioz.shop/?ref=shmuelcohen.com	—	2026-03-11
URL	http://captolls.com/captcha.html	—	2026-03-11
URL	http://captoolsz.com/?ref=www.taylorautoservices.com	—	2026-03-11
URL	http://captoolsz.com/captcha.html	—	2026-03-11
URL	http://capztoolz.com/?ref=www.bvd.co.il	—	2026-03-11
URL	http://capztoolz.com/?ref=www.de-eng.co.il	—	2026-03-11
URL	http://cptoptious.com/?ref=3plusa.net	—	2026-03-11
URL	http://cptoptious.com/?ref=agmagency.com	—	2026-03-11
URL	http://cptoptious.com/?ref=alchemistpeptides.com	—	2026-03-11
URL	http://cptoptious.com/?ref=bigenpakistan.com	—	2026-03-11
URL	http://cptoptious.com/?ref=blog.webrigo.com	—	2026-03-11
URL	http://cptoptious.com/?ref=engagenreap.com	—	2026-03-11
URL	http://cptoptious.com/?ref=fnbdubai.com	—	2026-03-11
URL	http://cptoptious.com/?ref=janadventures.com	—	2026-03-11
URL	http://cptoptious.com/?ref=latourfides.com	—	2026-03-11
URL	http://cptoptious.com/?ref=naturaltimberstone.com.au/	—	2026-03-11
URL	http://cptoptious.com/?ref=nzimmigration.info/	—	2026-03-11
URL	http://cptoptious.com/?ref=proactivwellnesscenters.com	—	2026-03-11
URL	http://cptoptious.com/?ref=topsoftwarecompanies.co	—	2026-03-11
URL	http://cptoptious.com/?ref=www.danneventhire.com.au	—	2026-03-11
URL	http://cptoptious.com/?ref=www.malam-payroll.com	—	2026-03-11
URL	http://cptoptious.com/?ref=www.michiganautolaw.com	—	2026-03-11
URL	http://cptoptious.com/?ref=www.renardetcaramel.com	—	2026-03-11
URL	http://cptoptious.com/?ref=www.tamireland.ie	—	2026-03-11
URL	http://cptoptious.com/?ref=www.unigib.edu.gi	—	2026-03-11
URL	http://cptoptious.com/?ref=www.violaobrasileiro.com.br	—	2026-03-11
URL	http://cptoptious.com/captcha.htm	—	2026-03-11
URL	http://dakarailarriett.com/wp-admin/admin-ajax.php?action=ajjs_run'	—	2026-03-11
URL	http://getalib.org/jsrepo?rnd='	—	2026-03-11
URL	http://goveanrs.org/jsrepo?rnd='	—	2026-03-11
URL	http://govearali.org/jsrepo?rnd='	—	2026-03-11
URL	http://greecpt.shop/?ref=vifaexpo.com	—	2026-03-11
URL	http://ligovera.shop/jsrepo?rnd='	—	2026-03-11
URL	http://medsnsw.com/product/buy-xanax-alprazolam-australia/	—	2026-03-11
URL	http://namzcp.org/captcha.html	—	2026-03-11
URL	http://phatapunjab.pk/new-pta-tax-for-used-iphone-15-series/	—	2026-03-11
URL	http://surveygifts.org/	—	2026-03-11
URL	http://ztdaliweb.shop/jsrepo?rnd='	—	2026-03-11
domain	3plusa.net	—	2026-03-11
domain	addvera.eu	—	2026-03-11
domain	agmagency.com	—	2026-03-11
domain	alchemistpeptides.com	—	2026-03-11
domain	alianzeg.shop	—	2026-03-11
domain	amcommunity.com	—	2026-03-11
domain	beta-charts.org	—	2026-03-11
domain	bigenpakistan.com	—	2026-03-11
domain	captiort.shop	—	2026-03-11
domain	captiorweb.com	—	2026-03-11
domain	captioto.com	—	2026-03-11
domain	captioz.shop	—	2026-03-11
domain	captolls.com	—	2026-03-11
domain	captoolsz.com	—	2026-03-11
domain	capztoolz.com	—	2026-03-11
domain	cptoptious.com	—	2026-03-11
domain	dakarailarriett.com	—	2026-03-11
domain	engagenreap.com	—	2026-03-11
domain	fnbdubai.com	—	2026-03-11
domain	getalib.org	—	2026-03-11
domain	gieable.shop	—	2026-03-11
domain	goarnsds.shop	—	2026-03-11
domain	gorscts.shop	—	2026-03-11
domain	goveanrs.org	—	2026-03-11
domain	govearali.org	—	2026-03-11
domain	greecpt.shop	—	2026-03-11
domain	janadventures.com	—	2026-03-11
domain	latourfides.com	—	2026-03-11
domain	ligovera.shop	—	2026-03-11
domain	medsnsw.com	—	2026-03-11
domain	missionloans.com	—	2026-03-11
domain	namsioc.shop	—	2026-03-11
domain	namzcp.org	—	2026-03-11
domain	naturaltimberstone.com.au	—	2026-03-11
domain	nzimmigration.info	—	2026-03-11
domain	perfendpoints.map	—	2026-03-11
domain	performancexhr.open	—	2026-03-11
domain	phatapunjab.pk	—	2026-03-11
domain	proactivwellnesscenters.com	—	2026-03-11
domain	shmuelcohen.com	—	2026-03-11
domain	surveygifts.org	—	2026-03-11
domain	vifaexpo.com	—	2026-03-11
domain	wepro.ch	—	2026-03-11
domain	ztdaliweb.shop	—	2026-03-11
hostname	blog.webrigo.com	—	2026-03-11
hostname	obf-io.deobfuscate.io	—	2026-03-11
hostname	www.bvd.co.il	—	2026-03-11
hostname	www.danneventhire.com.au	—	2026-03-11
hostname	www.de-eng.co.il	—	2026-03-11
hostname	www.malam-payroll.com	—	2026-03-11
hostname	www.michiganautolaw.com	—	2026-03-11
hostname	www.mrfpaint.com	—	2026-03-11
hostname	www.renardetcaramel.com	—	2026-03-11
hostname	www.tamireland.ie	—	2026-03-11
hostname	www.taylorautoservices.com	—	2026-03-11
hostname	www.unigib.edu.gi	—	2026-03-11
hostname	www.violaobrasileiro.com.br	—	2026-03-11
FileHash-MD5	0c214872afd60449a5a15876aecc6bf8	MD5 of 09d19e2b98e8eb530855fee8e19e9d5c68c70f558e024dcf82253209668a40ab	2026-03-11
FileHash-MD5	a84a2e52e706c5c88e09eb18801ace50	MD5 of 4a59ea08df0b002d5f9d28ebd778cdd854777ac9bf918469576e00e121586852	2026-03-11
FileHash-MD5	e3c9270e63a497b86255329a79946dcc	MD5 of c8dbd5335dc0828556e6abc2a804121bf65240719a8a3388a5af6b65065a2d5b	2026-03-11
FileHash-MD5	ee191f8bc4942595681ca9a9f2acdbca	—	2026-03-11
FileHash-MD5	fe4a3fb1a48bbdea986e05d1459f925e	MD5 of 50fc22b653a6436825658260c92c3750169622522aa0bf8147fb36a384e85245	2026-03-11
FileHash-SHA1	aebef5ac3363c6fd9527d11c1b95fefa4008a141	SHA1 of 09d19e2b98e8eb530855fee8e19e9d5c68c70f558e024dcf82253209668a40ab	2026-03-11
FileHash-SHA1	c4df65cee5750e705648114c76405336c77c1173	SHA1 of 50fc22b653a6436825658260c92c3750169622522aa0bf8147fb36a384e85245	2026-03-11
FileHash-SHA1	c68c399548ab4c93ebcec27976e23e8bb7308010	SHA1 of c8dbd5335dc0828556e6abc2a804121bf65240719a8a3388a5af6b65065a2d5b	2026-03-11
FileHash-SHA1	d4c57ff2ef1c8aa9a16791dc319b2c5e35f0693f	SHA1 of 4a59ea08df0b002d5f9d28ebd778cdd854777ac9bf918469576e00e121586852	2026-03-11
FileHash-SHA256	09d19e2b98e8eb530855fee8e19e9d5c68c70f558e024dcf82253209668a40ab	—	2026-03-11
FileHash-SHA256	14fc0065cc0b3ca215ffdf14824e41fb0a7840e8e771dbfdc3bbb06a9e042e9e	—	2026-03-11
FileHash-SHA256	16508e345ac1734a6bb661e87c96553fd7fd8a184296bd2aa3203b65efc1bae9	—	2026-03-11
FileHash-SHA256	1d9a023dacaf443ea6d4cf1d8f44027cb034883ecb732b5ac434b26b4b3f4320	—	2026-03-11
FileHash-SHA256	20c6c29f7daca909b1d89a39a2e4e0f6f93ad9c495a4153da305a9cac7157001	—	2026-03-11
FileHash-SHA256	334930b8096992d4c02aca57497818a0f3477ba773dd2c7c97efcc0b70c16b6d	—	2026-03-11
FileHash-SHA256	4a59ea08df0b002d5f9d28ebd778cdd854777ac9bf918469576e00e121586852	—	2026-03-11
FileHash-SHA256	4f6afc69c3151bbc71f86417dbf8cca0eed89b47c66d3e0d8712bfd4eba87a00	—	2026-03-11
FileHash-SHA256	50fc22b653a6436825658260c92c3750169622522aa0bf8147fb36a384e85245	—	2026-03-11
FileHash-SHA256	522faa41e7dc20bcacb1651ed1ea85a58c34b4a24411a7f75a00f4e795ac0d35	—	2026-03-11
FileHash-SHA256	57439ae4c63579d9995ed4a1e54ecb2b510c1afa5864f1188acebe6660da62c7	—	2026-03-11
FileHash-SHA256	69bc8caf4b5da7ae33c5568b1c90212627728540e1a5b79412ae68d0abfda2f4	—	2026-03-11
FileHash-SHA256	867d7859c1a8b0d8b83ec2b5b712b9430c53ef7cbca80ebba03da7ca31b3793d	—	2026-03-11
FileHash-SHA256	8c83b46a7ca674bf717765b734a919c78556c193d1942de94be409c4ed663d1a	—	2026-03-11
FileHash-SHA256	b73d9535dea3d153abedae031b0f4534d68bf881b72554eeb5a48f4752ee4f7d	—	2026-03-11
FileHash-SHA256	bdd8e61402a0683a5e15c06628a6adf2f222e9b14f06f2952d633f68b5e801f6	—	2026-03-11
FileHash-SHA256	c8dbd5335dc0828556e6abc2a804121bf65240719a8a3388a5af6b65065a2d5b	—	2026-03-11
FileHash-SHA256	ca9e370c4676fe94a275647831769fe83fd151bfe8a2c8bbe9660fe10d9b4f0c	—	2026-03-11
FileHash-SHA256	d8f3ee9dd462c7745db488bc4a8e77ea11b79048ce952b66e55665c530de2ddc	—	2026-03-11
FileHash-SHA256	de5d188dae7206097f4615a07fb0a1c53903936f8d71abe69b494c24af79b27d	—	2026-03-11
FileHash-SHA256	f302654cd962076c6ca566e96ad95c9f4663ae422ed3b24a1a96d6d33a39f3da	—	2026-03-11
FileHash-SHA256	f9eb41e9989ac7ce9c1ece15a7e7c4a0adef1434444598f28c6ba5d20daf1352	—	2026-03-11
URL	http://158.94.209.33/	—	2026-03-11
URL	http://158.94.210.166:5555	—	2026-03-11
URL	http://158.94.210.166:9993	—	2026-03-11
URL	http://172.94.9.187/9cca20c6df659f72/chromelevator.bin	—	2026-03-11
URL	http://172.94.9.187/9cca20c6df659f72/cptch2.bin	—	2026-03-11
URL	http://172.94.9.187/9cca20c6df659f72/cptchbuild.bin	—	2026-03-11
URL	http://172.94.9.187/9cca20c6df659f72/mycptpl.bin	—	2026-03-11
URL	http://178.16.53.70/	—	2026-03-11
URL	http://178.16.55.40:5555	—	2026-03-11
URL	http://198.251.89.239:27767	—	2026-03-11
URL	http://45.61.148.118/	—	2026-03-11
URL	http://91.92.240.219/	—	2026-03-11
URL	http://94.154.35.115/user_profiles_photo/chromelevator.bin	—	2026-03-11
URL	http://94.154.35.115/user_profiles_photo/cptch2.bin	—	2026-03-11
URL	http://94.154.35.115/user_profiles_photo/cptchbuild.bin	—	2026-03-11
URL	http://cptoptious.com/captcha.html	—	2026-03-11
URL	http://gorscts.shop/captcha.html	—	2026-03-11
URL	http://greecpt.shop/captcha.html	—	2026-03-11
domain	getalia.org	—	2026-03-11
domain	getfix.win	—	2026-03-11
domain	newtdsone.shop	—	2026-03-11
hostname	bek.cloudvaly.com	—	2026-03-11
hostname	csp.cloudvaly.com	—	2026-03-11
hostname	gty.cloudvaly.com	—	2026-03-11
hostname	kec.cloudvaly.com	—	2026-03-11
hostname	lts.cloudvaly.com	—	2026-03-11
hostname	pov.cloudvaly.com	—	2026-03-11
hostname	rrg.cdcmn.edu.bd	—	2026-03-11
hostname	spf.cloudvaly.com	—	2026-03-11
hostname	tor.cloudvaly.com	—	2026-03-11
hostname	trx.cdcmn.edu.bd	—	2026-03-11

References (1)

↗ https://www.rapid7.com/blog/post/tr-malicious-websites-wordpress-compromise-advances-global-stealer-operation/