IOC Alert: Suspicious Crypto Wallet Domain Used for Payload Delivery – ashigaruwallet[.]rs

📖 Overview
A domain-based indicator has been identified tied to payload delivery activity. The site masquerades as a cryptocurrency wallet service but instead redirects users through CAPTCHA challenges, likely to conceal malicious payload distribution. This IOC is rated as a high-confidence threat.

📌 Key Details

🔎 URLScan Result
Page Title: Verify Your Request
Screenshot: https://urlscan.io/screenshots/01990b3c-0693-71de-aaad-5e27e03386ea.png
Result: https://urlscan.io/result/01990b3c-0693-71de-aaad-5e27e03386ea/

📡 Related Intelligence
WHOIS Record: https://who.is/whois/ashigaruwallet.rs
VirusTotal Report: https://www.virustotal.com/gui/domain/ashigaruwallet.rs

🛡️ Defensive Guidance

• Block ashigaruwallet[.]rs at DNS, proxy, and endpoint layers.
• Monitor for traffic involving cryptocurrency-themed phishing or payload delivery.
• Hunt for artifacts linked to unknown stealer or RAT delivery from this domain.
• Review logs for abnormal requests tied to CAPTCHA-protected payloads.

⚠️ This IOC appears to use CAPTCHA-gated delivery, which often indicates attempts to bypass automated analysis.