Home/ConnectWise/IOCs
IOCs

Indicators for ConnectWise

651 indicators · scoped to malware families · back to ConnectWise
Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this tool uses. All indicators are defanged for safe handling.

Indicators

100 of 651
url
hxxps://femilessn.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=&c=Move0to0othe
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://admirable-dolphin-7483f8.netlify.app/nancore.msi
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://admin.hbdhfijnsgjnds.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://zoominviteeees.de/downloads/ZoomWorkspace.ClientSetup.msi
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://uss001web.com/Windows/download.php
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://zoom.web-interviews.live/download.php
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://zoom-in.pages.dev/ZoomWorkspace.msi
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://app.idanburuku.sbs/Bin/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://96.126.176.23/screen/panel1.vbs
family connectwise source urlhaus first seen 2026-05-30T19:39:41Z
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
1fe4d1c9b7106f25e606894cb6a64f69c4862b29
family ConnectWise source sslbl first seen 2026-05-28 09:13:19
VirusTotalOTX
sslbl_sha1
a9f5a1cdf5c8168262c2e6cf9351698e156eeebd
family ConnectWise source sslbl first seen 2026-05-28 07:21:32
VirusTotalOTX
sslbl_sha1
f3b02175ff6d2bbf0149b4a450acdf2a9f2897c8
family ConnectWise source sslbl first seen 2026-05-28 07:04:01
VirusTotalOTX
sslbl_sha1
dfa296408a06fbf413bbc9920a64f28bd7e87c2a
family ConnectWise source sslbl first seen 2026-05-26 09:02:11
VirusTotalOTX
sslbl_sha1
e0c5ff6a90a60b1d91c2abbdc0f119f2d4b44cc4
family ConnectWise source sslbl first seen 2026-05-26 06:54:04
VirusTotalOTX
sslbl_sha1
26aa04826a7152f90e6f9c8b4b18627a9a1178cc
family ConnectWise source sslbl first seen 2026-05-26 06:53:28
VirusTotalOTX
sslbl_sha1
0e2aecc13e16525451418dcd9c0d0b41f1adbc13
family ConnectWise source sslbl first seen 2026-05-24 14:02:41
VirusTotalOTX
sslbl_sha1
47dc97dd3c0001f90dfe09c8939dc226fec0629b
family ConnectWise source sslbl first seen 2026-05-21 07:42:46
VirusTotalOTX
sslbl_sha1
b35d55d93bbd105b4787eed854e5430ac0b4b901
family ConnectWise source sslbl first seen 2026-05-18 07:26:30
VirusTotalOTX
sslbl_sha1
646821885b9e966ba8bb62c511f6b90a0b8d58c8
family ConnectWise source sslbl first seen 2026-05-08 09:19:27
VirusTotalOTX
url
hxxps://bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link/?filena
family connectwise source urlhaus first seen 2026-05-06 21:23:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
47fd399c8f9f2074b6d16aaa853cd6eaacecd1ed
family ConnectWise source sslbl first seen 2026-05-05 13:38:34
VirusTotalOTX
sslbl_sha1
06e08670cd781e40cee3c93163c7d29ea73d4acb
family ConnectWise source sslbl first seen 2026-05-05 13:34:58
VirusTotalOTX
url
hxxps://darcymotors2.screenconnect.com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&
family connectwise source urlhaus first seen 2026-04-26 18:40:16 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
9f7fd5816e0bf900bc5142ef5f6f1e9c0fb2cfdf
family ConnectWise source sslbl first seen 2026-04-20 14:42:49
VirusTotalOTX
url
hxxps://pub-f629f9eff5c742ab9493f73c421a617a.r2.dev/Installer.msi
family connectwise source urlhaus first seen 2026-04-17 19:45:08 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-9c47b1bd45604a82bb27d7c7000ef589.r2.dev/preeuy.msi
family connectwise source urlhaus first seen 2026-04-17 19:01:15 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://connect.kexlore.cfd/ScreenConnect.ClientSetup.exe
family connectwise source urlhaus first seen 2026-04-17 06:15:14 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/test/raw/refs/heads/main/ConnectWiseControl.ClientSetup%20(6).m
family connectwise source urlhaus first seen 2026-04-15 13:05:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/screen/raw/refs/heads/main/ragap.vbs
family connectwise source urlhaus first seen 2026-04-15 13:05:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/test/raw/refs/heads/main/ClientSetup.msi
family connectwise source urlhaus first seen 2026-04-15 13:05:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/screen/raw/refs/heads/main/ConnectWiseControl.ClientSetup.msi
family connectwise source urlhaus first seen 2026-04-15 13:05:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/screen/raw/refs/heads/main/ragap.msi
family connectwise source urlhaus first seen 2026-04-15 13:05:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/screen/raw/refs/heads/main/setup.msi
family connectwise source urlhaus first seen 2026-04-15 13:05:17 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/screen/raw/refs/heads/main/panel82.vbs
family connectwise source urlhaus first seen 2026-04-15 13:05:16 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/test/raw/refs/heads/main/setup.msi
family connectwise source urlhaus first seen 2026-04-15 13:05:12 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/kr/raw/refs/heads/main/ClientSetup.msi
family connectwise source urlhaus first seen 2026-04-15 13:05:11 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/test/raw/refs/heads/main/ssa.vbs
family connectwise source urlhaus first seen 2026-04-15 13:05:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://github.com/kemo828/test/raw/refs/heads/main/TruckController.ClientSetup.msi
family connectwise source urlhaus first seen 2026-04-15 13:05:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-fc10525f25d247e4a38787b5b64673ec.r2.dev/AdobeInstaller.msi
family connectwise source urlhaus first seen 2026-04-15 08:52:16 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
4d303a7858b8d0411d6f171866329cdcb69e81d3
family ConnectWise source sslbl first seen 2026-04-15 07:45:29
VirusTotalOTX
url
hxxps://nenkines-attachments.top/download
family connectwise source urlhaus first seen 2026-04-14 19:52:07 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://legitserver.theworkpc.com:5443/OneDriveServer.zip
family connectwise source urlhaus first seen 2026-04-14 19:37:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://184.174.20.150:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=bat&c=&c=&
family connectwise source urlhaus first seen 2026-04-14 19:28:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://doc.e-statements.app/Bin/support.ClientSetup.msi?e=Access&y=Guest&c=4-4-2026&c=&c=
family connectwise source urlhaus first seen 2026-04-14 10:56:17 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://23.94.232.76:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-14 10:41:12 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://www.dropbox.com/scl/fi/tpxodftkoenzy8fxnn08z/ScreenConnect.ClientSetup.msi?rlkey=7
family connectwise source urlhaus first seen 2026-04-14 07:44:08 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-0a6599d7d6394e379b6da3d6bfb5354a.r2.dev/nenkin.msi
family connectwise source urlhaus first seen 2026-04-13 13:10:15 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
9adbaea1d6a8bc4c4065569a77ddd9592de54f6e
family ConnectWise source sslbl first seen 2026-04-12 14:58:28
VirusTotalOTX
sslbl_sha1
77ebda500a4e89331291ca82c91d3609d7cd093e
family ConnectWise source sslbl first seen 2026-04-12 14:58:10
VirusTotalOTX
sslbl_sha1
542cbd3458be0c8682edaf5b48d9d8383a566db1
family ConnectWise source sslbl first seen 2026-04-12 14:52:07
VirusTotalOTX
url
hxxps://sesdigitalsolutions.com/files/EventVPcardSC_PU1KQZvw_installer.msi
family connectwise source urlhaus first seen 2026-04-10 21:04:22 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://94.154.32.12/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:21 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://195.177.94.41/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:20 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://104.249.10.37/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:20 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://94.154.32.32/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:20 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.154.32.74:8040/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:19 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://94.154.32.12/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:19 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://94.154.32.29/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:19 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://195.177.94.30/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:19 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.154.32.74:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:18 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://104.249.10.37/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:14 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://195.177.94.74/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:14 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.154.32.80:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:14 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://94.154.32.32/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:13 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.154.32.80:8040/Bin/ScreenConnect.ClientSetup.exe?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-10 19:02:12 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-2ac530845a0b40f68c46df8146d4315a.r2.dev/scamily.msi
family connectwise source urlhaus first seen 2026-04-09 07:19:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://38.240.58.33:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-04-09 07:14:08 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://5.101.82.22:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&t=massspamming&
family connectwise source urlhaus first seen 2026-04-06 14:30:13 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://themaintechnician.us/Bin/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-04-02 14:42:16 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://stajestetice.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=2Billi&c=&c=
family connectwise source urlhaus first seen 2026-04-01 15:14:17 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-563376bbe356408a8c67e226123a6095.r2.dev/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-04-01 12:19:11 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
bca47a4d874b87ac2ebd5f2284c813daae1a2be9
family ConnectWise source sslbl first seen 2026-04-01 05:54:19
VirusTotalOTX
url
hxxps://fidels.b-cdn.net/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-29 14:00:17 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://167.148.41.234:8040/bin/support.client.exe?i=&e=Support&y=Guest&r=
family connectwise source urlhaus first seen 2026-03-28 06:46:08 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://brsrys.com/Bin/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-26 15:33:37 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-43852e2f13f44540903efdf59f8a7582.r2.dev/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-26 15:33:36 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://server.admirableskreen.top/Bin/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-26 15:33:36 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://wesneet.it.com/Bin/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-26 15:33:34 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.154.32.198:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-03-26 08:13:12 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://94.154.32.198/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-03-26 08:12:05 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-6d532b12105b49bd96b29361979b87a1.r2.dev/tIcUpcByNeyfYctCqpeWBhnfxWDUta/ScreenC
family connectwise source urlhaus first seen 2026-03-25 14:56:10 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
8fbf834f37dadb65140fa1b980c421af7a5c74cc
family ConnectWise source sslbl first seen 2026-03-24 07:49:33
VirusTotalOTX
url
hxxps://heavyvaultpanel.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-03-23 09:04:24 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
7da0a76b514869395da864dff3444a294c5bc73b
family ConnectWise source sslbl first seen 2026-03-23 09:03:15
VirusTotalOTX
url
hxxp://5.252.21.239/files/1323113534/0GEqRqp.msi
family connectwise source urlhaus first seen 2026-03-22 03:52:11 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
a6e03deb01aff6efdfb37d961c5310d939541fe4
family ConnectWise source sslbl first seen 2026-03-20 07:35:28
VirusTotalOTX
url
hxxps://cloud.pearlpeel.com/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
family connectwise source urlhaus first seen 2026-03-18 11:45:14 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://drive.google.com/uc?id=1pRB6od3pM8uHbdKoY6ykQobAcJhh13eC&export=download
family connectwise source urlhaus first seen 2026-03-18 11:45:08 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-aa4b4a4b76964ef7b9e03a074612353a.r2.dev/ScreenConnect.ClientSetup.exe
family connectwise source urlhaus first seen 2026-03-18 11:39:12 UTC
VirusTotalurlscanOTXURLhausPulsedive
sslbl_sha1
37866f376bf1335fa8974bcfc033cd5083433522
family ConnectWise source sslbl first seen 2026-03-16 20:39:54
VirusTotalOTX
url
hxxps://pub-1ec2bbf13b3f4e7a9f948cb72ded816d.r2.dev/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-16 20:36:14 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-72dca37cb1ce4100a2f8db504cb4502f.r2.dev/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-14 16:22:11 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://158.94.208.7/vidar/random.exe
family connectwise source urlhaus first seen 2026-03-12 15:02:08 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://teak.gen.tr/Z/zoom/Windows/download.php
family connectwise source urlhaus first seen 2026-03-10 15:56:16 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://preciosasjoyitas.com.mx/pdf/pdf/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-10 14:24:34 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://pub-cb25e0ca1e5b4d3b8b4dc881580f5473.r2.dev/ScreenConnect.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-10 14:24:21 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxp://158.94.211.222/files/7093422244/JHvHyiz.msi
family connectwise source urlhaus first seen 2026-03-09 15:13:17 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://ov.uqoo.nl/ukc/Adobe.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-08 19:08:37 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://ovv.uqoo.nl/la/Adobe.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-08 19:08:26 UTC
VirusTotalurlscanOTXURLhausPulsedive
url
hxxps://dmv.uqoo.nl/a/Adobe.ClientSetup.msi
family connectwise source urlhaus first seen 2026-03-08 19:08:23 UTC
VirusTotalurlscanOTXURLhausPulsedive
Showing 1-100 of 651
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin