ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://217.69.0.159/dq1IMEteQ4AbO3daeYGXZw%3D%3D.

Database Entry


IOC ID: 1765427
IOC: http://217.69.0.159/dq1IMEteQ4AbO3daeYGXZw%3D%3D
IOC Type: url
Threat Type: payload_delivery
Malware: GlassWorm
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS20473 AS-VULTR
Country: US
First seen: 2026-03-13 16:20:40 UTC
Last seen: never
UUID: 6aa551c9-1ee1-11f1-9af6-42010aa4000a
Reporter: tipo_deincognito
Reward: 5 credits from ThreatFox
Tags: glassworm infostealer kill-switch macOS
Reference: https://gist.github.com/tip-o-deincognito/d0d05e148e87a515f534b5a8e9ed3b36

tipo_deincognito
Latest GlassWorm payload URL. Port 80 now live, serving kill switch (process.exit(0), 20 bytes base64). Third payload path rotation on this server in 3.5 hours. Previous path already deactivated. Solana memo tx at 2026-03-13T12:57:05Z.