Indicator of Compromise
sharepoint[.]com
A domain observed in malicious infrastructure. Block or monitor it in DNS and web proxies. Shown defanged for safe viewing; use Copy live value for the functional form.
Included in the Domains feed (live, machine-readable).
Related indicators
Indicators that appear alongside this one in the same reporting, often shared infrastructure or the same campaign.
06b4aebbc3cd62e0aadd1852102645f9a00cc7eea492c0939675efba7566a6de 11b71429869f29122236a44a292fde3f0269cde8eb76a52c89139f79f4b97e63 1204knos[.]ru1204networks[.]ru 2ba527fb8e31cb209df8d1890a63cda9cd4433aa0b841ed8b86fa801aff4ccbd 2ed5660c7b768b4c2a7899d00773af60cd4396f24a2f7d643ccc1bf74a403970 44cac5bf0bab56b0840bd1c7b95f9c7f5078ff417705eeaaf5ea5a2167a81dd5 48aa2393ef590bab4ff2fd1e7d95af36e5b6911348d7674347626c9aaafa255e 7e646dfe7b7f330cb21db07b94f611eb39f604fab36e347fb884f797ba462402 abobe[.]ithr[.]orgaka[.]msamgreetings[.]techamgreetings[.]tech-department[.]usamydeks[.]ithr[.]orgapi[.]store b79633917e51da2a4401473d08719f493d61fd64a1b10fe482c12d984d791ccb cabotcorpsupport-my[.]sharepoint[.]comcbre[.]techcbre[.]tech-department[.]usclear90489058903-document[.]workers[.]dev CVE-2021-43890 CVE-2025-20333 CVE-2025-20362 CVE-2026-20182 dashboard-bl[.]pamconj[.]com ffb45dc14ea908b21e01e87ec18725dff560c093884005c2b71277e2de354866 formeld[.]techformeld[.]tech-department[.]usgertefin[.]comhxxps://aka[.]ms/threatintelbloghxxps://mononapfp[.]sharepoint[.]com/:f:/document/INV-IgCx1X50pgUjR7iAjZL2fuQaAW4GfKVs6wHT3BYv9sgwW7g”hxxps://mononapfpcom[.]sharepoint[.]com/:f:/g/IgAdH_aaBPMcQbtINZzC1TsLARj3dHj63MnKjvnY-QJrKEchxxps://scheta[.]site/api[.]store/Setup[.]msixhxxps://scheta[.]site/api[.]store/ZoomInstaller[.]msixhxxps://thecyberwire[.]com/podcasts/microsoft-threat-intelligencehubergroup[.]techhubergroup[.]tech-department[.]usinfo-zoomapp[.]comithr[.]orgkellyhrservices-my[.]sharepoint[.]com