ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://217.69.11.99/module/wrtc.

Database Entry


IOC ID: 1764209
IOC: http://217.69.11.99/module/wrtc
IOC Type: url
Threat Type: payload_delivery
Malware: GlassWorm
Confidence Level: Confidence level is high (95%)
Is compromised?: False
ASN: AS20473 AS-VULTR
Country: US
First seen: 2026-03-13 06:14:02 UTC
Last seen: never
UUID: 95aa4562-1e68-11f1-9af6-42010aa4000a
Reporter: tipo_deincognito
Reward: 5 credits from ThreatFox
Tags: glassworm, macOS, proxy, tcp-tunnel

tipo_deincognito
GlassWorm TCP tunnel proxy module delivery URL. ~700 lines Node.js with custom binary protocol (37-byte headers). Operator toggles availability (500 when disabled, 200 with module when enabled). Endpoint name suggests earlier WebRTC use but captured module is pure TCP tunnel with no WebRTC dependency. Captured during live monitoring.