ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain bokphotguest.pro.

Database Entry


IOC ID: 1771411
IOC: bokphotguest.pro
IOC Type: domain
Threat Type: botnet_cc
Malware: EtherRAT
Confidence Level: high (100%)
Is compromised?: False
ASN: AS13335 CLOUDFLARENET
Country: US
First seen: 2026-03-19 12:18:03 UTC
Last seen: never
UUID: 5d413c40-238c-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: blockchain-C2, ClickFix, EtherRat, Node.js, TON

Lenny_3BO
EtherRAT-TON variant. ClickFix delivery via PS UA gating. AES-256-CBC encrypted Node.js payload. TON smart contract dead drop resolver via tonapi.io. WebSocket C2 with ECDH secp256k1 handshake + AES-256-CBC session encryption. downloadAndRun + code execution capabilities.