Infrastructure of Interest: High Confidence FastFlux

Aug. 8, 2025, 7:46 a.m.

Description

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous DNS patterns, behavioral analysis of rapid IP rotation, and cross-referenced intelligence from global sinkhole data and network telemetry. The IOCs included in this pulse are associated with Fastflux networks, characterized by constantly changing IP addresses and DNS records to evade detection while maintaining resilient malicious infrastructure for phishing, malware delivery, or C2 operations. Use this data to enhance DNS-based detection rules, identify flux parent domains, and disrupt threat actor network resilience.

External References

https://otx.alienvault.com/pulse/68944fc710449ac8904aee33
Tags
2025-08-07

Date

  • Created: Aug. 7, 2025, 7:03 a.m.
  • Published: Aug. 7, 2025, 7:03 a.m.
  • Modified: Aug. 8, 2025, 7:46 a.m.

Indicators

  • www.ucdim.com
  • www.surprising-science.de
  • www.allmartsonline.com
  • www.utksps.org
  • www.tweetclash.com
  • www.tibetkitchen.ca
  • www.campus2020.fr
  • www.biopar.space
  • www.admtllandingpage.com
  • utksps.org
  • wiki.kotipizza.biz
  • mkto-sj090225.com
  • ihgorg.com
  • skonsa.net
  • doccdcsstage.ctdoc.org
  • argosonline.vip
  • williamsf1.com.sc.omtradc.net
  • rane-research.org
  • quickcloud.shop
  • proxy.hmxcn.com
  • osannp.com
  • lb.linapps.io
  • joekentiscia.com
  • go-ndt.cowley.edu
  • dp.meralco-imcs.com
  • account.hobsonsms.com
  • bookvrfsrv.com
  • baclofancfd.com
  • api2.platinumify.com
  • 1156zz.net
Download all indicators here!