Skip to content
Latest
Jscrambler npm Compromise Shows Build Pipelines Need Runtime ControlsGhost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

Indicator of Compromise

sharepoint[.]com

Domain Seen in 2 reports Watch this →

A domain observed in malicious infrastructure. Block or monitor it in DNS and web proxies. Shown defanged for safe viewing; use Copy live value for the functional form.

Included in the Domains feed (live, machine-readable).

Related indicators

Indicators that appear alongside this one in the same reporting, often shared infrastructure or the same campaign.

06b4aebbc3cd62e0aadd1852102645f9a00cc7eea492c0939675efba7566a6de 11b71429869f29122236a44a292fde3f0269cde8eb76a52c89139f79f4b97e63 1204knos[.]ru1204networks[.]ru 2ba527fb8e31cb209df8d1890a63cda9cd4433aa0b841ed8b86fa801aff4ccbd 2ed5660c7b768b4c2a7899d00773af60cd4396f24a2f7d643ccc1bf74a403970 44cac5bf0bab56b0840bd1c7b95f9c7f5078ff417705eeaaf5ea5a2167a81dd5 48aa2393ef590bab4ff2fd1e7d95af36e5b6911348d7674347626c9aaafa255e 7e646dfe7b7f330cb21db07b94f611eb39f604fab36e347fb884f797ba462402 abobe[.]ithr[.]orgaka[.]msamgreetings[.]techamgreetings[.]tech-department[.]usamydeks[.]ithr[.]orgapi[.]store b79633917e51da2a4401473d08719f493d61fd64a1b10fe482c12d984d791ccb cabotcorpsupport-my[.]sharepoint[.]comcbre[.]techcbre[.]tech-department[.]usclear90489058903-document[.]workers[.]dev CVE-2021-43890 CVE-2025-20333 CVE-2025-20362 CVE-2026-20182 dashboard-bl[.]pamconj[.]com ffb45dc14ea908b21e01e87ec18725dff560c093884005c2b71277e2de354866 formeld[.]techformeld[.]tech-department[.]usgertefin[.]comhxxps://aka[.]ms/threatintelbloghxxps://mononapfp[.]sharepoint[.]com/:f:/document/INV-IgCx1X50pgUjR7iAjZL2fuQaAW4GfKVs6wHT3BYv9sgwW7g”hxxps://mononapfpcom[.]sharepoint[.]com/:f:/g/IgAdH_aaBPMcQbtINZzC1TsLARj3dHj63MnKjvnY-QJrKEchxxps://scheta[.]site/api[.]store/Setup[.]msixhxxps://scheta[.]site/api[.]store/ZoomInstaller[.]msixhxxps://thecyberwire[.]com/podcasts/microsoft-threat-intelligencehubergroup[.]techhubergroup[.]tech-department[.]usinfo-zoomapp[.]comithr[.]orgkellyhrservices-my[.]sharepoint[.]com