Skip to content
Latest
Jscrambler npm Compromise Shows Build Pipelines Need Runtime ControlsGhost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

Indicator of Compromise

telecom[.]webredirect[.]org

Domain Seen in 2 reports Watch this →

A domain observed in malicious infrastructure. Block or monitor it in DNS and web proxies. Shown defanged for safe viewing; use Copy live value for the functional form.

Included in the Domains feed (live, machine-readable).

Related indicators

Indicators that appear alongside this one in the same reporting, often shared infrastructure or the same campaign.

webredirect[.]org101[.]36[.]105[.]222116[.]169[.]244[.]208139[.]84[.]227[.]139192[.]9[.]141[.]111194[.]135[.]25[.]132 2229e7f3cabbce4d67cd79c89fd5a100b20e8a99f4a2bf9aac77a978f49eb520 23[.]27[.]201[.]160 27df475626aafce2ea1548a9f35efb9ad951298c8b11a6adb3ccdfcd5170c677 64[.]176[.]43[.]209 A72427af3c046fd90999a6505b2372dc4ffde122227f30ed21621ecd4f2d3e8b assets[.]lumen[.]com CVE-2025-3248 CVE-2026-35273 CVE-2026-5027 E28a96f983b8605decd2ac1db16ebad5fa741a6aa4e585a38ade0e5ad7d6cec0 hxxps://assets[.]lumen[.]com/is/content/Lumen/Black_Lotus_Labs_Video-6341053041112hxxps://assets[.]lumen[.]com/is/image/Lumen/author-black-lotus-labs-logo-image-300x300?Creativeid=b08a9660-2840-4cf8-b2b4-aa45b9585632hxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-fig1?$PNG$&Creativeid=baae57fe-30cb-446d-9373-b5835ed6d74ahxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-fig2?$PNG$&Creativeid=679e321b-7df3-45e4-9292-c1c02c13732chxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-fig3?$PNG$&Creativeid=c742db12-86dc-4216-b182-07991ebadce5hxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-fig4?$PNG$&Creativeid=f104f1c6-3a1f-460b-b597-813b63e43e0dhxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-fig5?$PNG$&Creativeid=9f6a7f84-711d-4f83-b1b4-38b6129e1d23hxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-fig6?$PNG$&Creativeid=a9148deb-22b8-43c8-bb11-dc6feceb9714hxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-fig8?$PNG$&Creativeid=bdd1dcd8-5848-4020-b2e8-448ad48d9e98hxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-malware-showboat-table?$JPG$&Creativeid=416e9156-1fd8-4382-b2a3-107f5062946ahxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-bll-newmalware-figure7?$PNG$&Creativeid=adbfea9c-c17b-4cbe-bb9d-c800b6b23a84hxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-featured-resource-card-bll?Creativeid=844b527d-b24a-4d66-928e-9d6964fc2220hxxps://assets[.]lumen[.]com/is/image/Lumen/img-blog-header-bll-malware-848x566?$PNG$&Creativeid=7832e142-117a-4b22-9ce4-cf575ba34f02hxxps://pastebin[.]com/raw/[actor_pagehxxps://www[.]lumen[.]com/en-us/security/black-lotus-labs[.]htmlkaztelecom[.]shopld[.]sopastebin[.]comsingtelcom[.]siteukpkmkk[.]sowww[.]lumen[.]com