Dark Web Informer - Cyber Threat Intelligence

IOC Alert: Suspicious Crypto Wallet Domain Used for Payload Delivery – ashigaruwallet[.]rs

📖 Overview
A domain-based indicator tied to payload delivery activity has been identified. The site masquerades as a cryptocurrency wallet service but redirects users through CAPTCHA challenges, likely to conceal malicious payload distribution. This IOC is rated as a high-confidence threat.


📌 Key Details

| Field | Information |
|---|---|
| Type | Domain |
| Indicator | ashigaruwallet[.]rs |
| Threat Type | Payload Delivery |
| Malware | unknown |
| Confidence | 100% |
| Date | 02 Sep 2025 – 16:22:38 UTC |
| Tags | ClickFix |
| Reporter | HuntYethHounds |

🔎 URLScan Result
Page Title: Verify Your Request
Screenshot: https://urlscan.io/screenshots/01990b3c-0693-71de-aaad-5e27e03386ea.png
Result: https://urlscan.io/result/01990b3c-0693-71de-aaad-5e27e03386ea/


📡 Related Intelligence
WHOIS Record: https://who.is/whois/ashigaruwallet.rs
VirusTotal Report: https://www.virustotal.com/gui/domain/ashigaruwallet.rs


🛡️ Defensive Guidance

  • Block ashigaruwallet[.]rs at DNS, proxy, and endpoint layers.
  • Monitor for traffic involving cryptocurrency-themed phishing or payload delivery.
  • Hunt for artifacts linked to unknown stealer or RAT delivery from this domain.
  • Review logs for abnormal requests tied to CAPTCHA-protected payloads.
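
One way to run the log review above, as an added example that is not part of the original alert: it refangs the published indicator and matches it against proxy log hosts on DNS label boundaries, so subdomains, mixed case, trailing dots and ports still hit while lookalike hostnames do not. The log layout, sample lines, subdomain and lookalike hosts, and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFANGED_IOC = "ashigaruwallet[.]rs"  # indicator as published in this alert

# Constructed sample lines (assumed layout: timestamp client method target status).
SAMPLE_PROXY_LOG = """\
2025-09-02T16:25:01Z 10.0.0.15 GET http://ashigaruwallet.rs/ 200
2025-09-02T16:25:07Z 10.0.0.15 CONNECT AshigaruWallet.rs:443 200
2025-09-02T16:26:40Z 10.0.0.22 GET https://cdn.ashigaruwallet.rs./verify 200
2025-09-02T16:27:12Z 10.0.0.31 GET https://notashigaruwallet.rs/ 200
2025-09-02T16:28:55Z 10.0.0.31 GET https://ashigaruwallet.rs.example.com/ 200
"""

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    s = s.split("://", 1)[-1]               # drop a scheme if one is present
    return s.split("/", 1)[0].rstrip(".")   # drop any path and trailing dot

def normalize_host(host):
    """Lowercase, strip an optional :port and the FQDN trailing dot."""
    return host.strip().lower().split(":", 1)[0].rstrip(".")

def host_matches(host, ioc_domain):
    """True for the IOC domain itself or any subdomain of it.

    A plain substring or endswith(ioc) test would also flag
    'notashigaruwallet.rs' and 'ashigaruwallet.rs.example.com'.
    """
    h = normalize_host(host)
    return h == ioc_domain or h.endswith("." + ioc_domain)

def hunt(log_text, defanged_ioc=DEFANGED_IOC):
    """Return (timestamp, client, host) for every log line that hits the IOC."""
    ioc = refang(defanged_ioc)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue                        # skip malformed or empty lines
        ts, client, method, target = parts[:4]
        # CONNECT targets are host:port; other methods carry a full URL.
        host = target if method == "CONNECT" else (urlsplit(target).hostname or "")
        if host_matches(host, ioc):
            hits.append((ts, client, normalize_host(host)))
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_PROXY_LOG):
        print(*hit)
```

The same label-boundary comparison applies when building DNS or proxy block rules for the domain.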

⚠️ This IOC appears to use CAPTCHA-gated delivery, which often indicates attempts to bypass automated analysis.