IOC Radar
Domain · Medium · Signal 78/100

modproz.run

Location
United States
First Seen
Apr 11, 2025
Last Seen
Jun 6, 2026
Reports: 8 source reports
Confidence: 78% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
78%
Signal Score
78 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

25 techniques

Feed Intelligence Summary

8 source reports · 78% confidence score
Category tags
abuse, bad reputation, bitsight trace, brute force, c2, c2 communication, command & control, credential harvesting, credential stuffing, credential theft, cryptocurrency, cryptocurrency theft, data exfiltration, data store exposure, data theft, exploitation activity, identity & access exploitation, indicator, infostealer, ingress tool transfer, injection activity, ioc, lumma, lumma stealer, lummac2, lummac2 iocs, maas, malicious software, malvertising, malware, metadata analysis, mfa token theft, network, north america, operating system, password theft, phishing, phishing attack, phishing campaigns, process injection, ransomware, redline, researched, russian threat actor, service, shamel, social engineering, social media security, steam, steam profile, t1021.001, t1027, t1041, t1055, t1059, t1059.005, t1069.001, t1071, t1071.001, t1078, t1102, t1105, t1189, t1204, t1204.002, t1486, t1539, t1555, t1555.003, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, threat actor, tor node, trojan malware, trojanized software, united states

Activity Timeline

1 total obs
Jun 6

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **modproz.run** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including command and control (C

Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 8
First seen: Apr 11, 2025
Last seen: Jun 6, 2026

VirusTotal

Not checked

WHOIS

description
A coordinated international operation led by Microsoft’s Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma’s Telegram-based affiliate marketplace, crippling its ability to steal sensitive data like passwords, cryptocurrency wallets, and MFA tokens. Lumma, developed by Russian threat actor "Shamel," operated under a subscription model ($250–$20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics—such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads—made it a preferred tool for ransomware affiliates and credential harvesters.
domain rank
-1
subdomains count
0

IOC Journey

medium
First detected 1 year ago · Last seen 4 days ago
Appeared in 8 threat reports