📖 Overview
A domain-based indicator tied to payload delivery activity has been identified. The site masquerades as a cryptocurrency wallet service but instead redirects users through CAPTCHA challenges, likely to conceal malicious payload distribution. This IOC is rated as a high-confidence threat.
📌 Key Details
Field | Information |
---|---|
Type | Domain |
Indicator | ashigaruwallet[.]rs |
Threat Type | Payload Delivery |
Malware | unknown |
Confidence | 100% |
Date | 02 Sep 2025 – 16:22:38 UTC |
Tags | ClickFix |
Reporter | HuntYethHounds |
🔎 URLScan Result
Page Title: Verify Your Request
Screenshot: https://urlscan.io/screenshots/01990b3c-0693-71de-aaad-5e27e03386ea.png
Result: https://urlscan.io/result/01990b3c-0693-71de-aaad-5e27e03386ea/

📡 Related Intelligence
WHOIS Record: https://who.is/whois/ashigaruwallet.rs
VirusTotal Report: https://www.virustotal.com/gui/domain/ashigaruwallet.rs
🛡️ Defensive Guidance
- Block ashigaruwallet[.]rs at DNS, proxy, and endpoint layers.
- Monitor for traffic involving cryptocurrency-themed phishing or payload delivery.
- Hunt for artifacts linked to unknown stealer or RAT delivery from this domain.
- Review logs for abnormal requests tied to CAPTCHA-protected payloads.
⚠️ This IOC appears to use CAPTCHA-gated delivery, which often indicates attempts to bypass automated analysis.