DBeaver malvertising campaign (12-23-2025)
- Description: Malicious Google Search ad for DBeaver
- Severity: Medium
- Reporter: Jérôme Segura
- Reported to Google: 12/23/2025
Google Search Ad
Traffic view
Decoy page
Payload
IOCs
| Cloaking domain | hxxps[://]soccerfamily[.]net/ |
| Decoy wbesite | hxxps[://]dbeaverap[.]com/ |
| Tracker | hxxps[://]adexload[.]com/track[.]php |
| Token generation for unique link | hxxps[://]adexload[.]com/get_token[.]php |
| Payload URL | hxxps[://]ipadvanced[.]s3[.]us-east-005[.]backblazeb2[.]com/applist/dbeaver-ce-25.3.0-x86_64-setup.msi |
| Payload SHA256 | c8a2bde264c1898a38ef5fb2a5bff198c5c2908ec7a4ea66b59681ab9bf82f46 |