ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain m.daga-sv368.com.
Database Entry
| IOC ID: | 1775422 |
|---|---|
| IOC: | m.daga-sv368.com |
| IOC Type: | domain |
| Threat Type: | botnet_cc |
| Malware: | RedLine Stealer |
| Malware alias: | RECORDSTEALER |
| Confidence Level: | high (100%) |
| Is compromised?: | False |
| ASN: | AS13335 CLOUDFLARENET |
| Country: | US |
| First seen: | 2026-03-25 12:55:54 UTC |
| Last seen: | 2026-03-25 12:08:56 UTC |
| UUID: | 2d70c582-282b-11f1-9af6-42010aa4000a |
| Reporter: | Anonymous |
| Reward: | 5 credits from ThreatFox |
| Tags: | access c2 malware torjan virus |
| Reference: | https://www.virustotal.com/gui/file/88b52641be4fc2a170ff72f47c6fb8f67ccd64a30f8f68b9c3e07869359bd9a4/relations |
Anonymous
I am formally reporting the domain daga-sv368.com for severe violations. This domain is functioning as an active Command & Control (C2) infrastructure for highly malicious payloads, specifically RedLine Stealer and Cobalt Strike Beacons.
Technical Evidence:
Automated sandbox analysis (Tria.ge and VirusTotal) confirms that this domain is used to exfiltrate stolen credentials, session cookies, and cryptocurrency wallets from infected Windows machines. The network traffic patterns show persistent heartbeat signals (beacons) to this host.
Verification Links:
VirusTotal: https://www.virustotal.com/gui/file/88b52641be4fc2a170ff72f47c6fb8f67ccd64a30f8f68b9c3e07869359bd9a4/relations
Triage (Malware Sandbox): https://tria.ge/260325-k5dajacx5z/static1
Threat Type: Botnet C2 / Credential Theft
Hosting such malicious infrastructure poses a direct threat to global cybersecurity. I request an immediate suspension of this domain to prevent further data exfiltration. Failure to act may result in this domain being escalated to global blocklists like Spamhaus and Google Safe Browsing.
Regards,
US
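Operationalizing this entry, as an added example that is not part of the ThreatFox page or of the report above: the script below scans DNS query logs for the IOC domain. Three details of the entry shape the design. The ASN is AS13335 CLOUDFLARENET, so the resolved IP is shared Cloudflare infrastructure and must not be used as the indicator; detection and blocking key on the name. "Is compromised?: False" means the domain is attacker-controlled rather than a hijacked legitimate site, so there is no benign traffic to preserve. And while the reporter names the apex daga-sv368.com, this entry's IOC is only m.daga-sv368.com, so the matcher covers that name and its subdomains and deliberately not the apex or sibling hosts; widening to the zone is a policy choice, not something this record asserts. Matching is done on a label boundary, because a sibling such as notm.daga-sv368.com ends with the IOC string and would false-positive under a plain substring or suffix check. The dnsmasq-style log format and every log line are constructed for illustration; only the IOC values come from the entry.

```python
"""Scan DNS query logs for a ThreatFox domain IOC.

Added example; not code from the ThreatFox page or the report above.
Only the IOC values are taken from the entry. The log format and the
log lines are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Values taken from the ThreatFox entry on this page.
IOC_ID = 1775422
IOC_DOMAIN = "m.daga-sv368.com"
MALWARE = "RedLine Stealer"

# Constructed sample log in a dnsmasq-like format (hypothetical data).
# Line 3 exercises case and trailing-dot handling, line 4 a subdomain of
# the IOC, line 5 a sibling host that merely ends with the IOC string, and
# line 6 the apex, which this entry does not list as an IOC.
SAMPLE_LOG = """\
Mar 25 12:55:10 ns1 dnsmasq[1234]: query[A] m.daga-sv368.com from 10.0.0.15
Mar 25 12:55:11 ns1 dnsmasq[1234]: query[A] www.example.com from 10.0.0.15
Mar 25 12:55:40 ns1 dnsmasq[1234]: query[A] M.DAGA-SV368.COM. from 10.0.0.22
Mar 25 12:56:02 ns1 dnsmasq[1234]: query[AAAA] cdn.m.daga-sv368.com from 10.0.0.9
Mar 25 12:56:30 ns1 dnsmasq[1234]: query[A] notm.daga-sv368.com from 10.0.0.9
Mar 25 12:57:01 ns1 dnsmasq[1234]: query[A] daga-sv368.com from 10.0.0.31
"""

LOG_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<qname>\S+) from (?P<client>\S+)")


@dataclass(frozen=True)
class Hit:
    client: str
    qname: str
    qtype: str


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def matches_domain_ioc(qname: str, ioc: str = IOC_DOMAIN) -> bool:
    """True if qname is the IOC itself or a label-delimited subdomain of it.

    Comparing against "." + ioc is what keeps a sibling such as
    notm.daga-sv368.com, which ends with the IOC string, from matching.
    The apex daga-sv368.com is not matched: this entry does not list it.
    """
    q, i = normalize(qname), normalize(ioc)
    return q == i or q.endswith("." + i)


def scan_dns_log(text: str, ioc: str = IOC_DOMAIN) -> list[Hit]:
    """Return one Hit per log line whose query name matches the IOC."""
    hits: list[Hit] = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m and matches_domain_ioc(m["qname"], ioc):
            hits.append(Hit(m["client"], normalize(m["qname"]), m["qtype"]))
    return hits


def affected_clients(hits: list[Hit]) -> list[str]:
    """Sorted, de-duplicated clients that looked up the IOC; these are the
    hosts to triage for RedLine Stealer, not the resolved Cloudflare IPs."""
    return sorted({h.client for h in hits})


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_LOG)
    print(f"ThreatFox IOC {IOC_ID} ({MALWARE}): {len(found)} matching queries")
    for h in found:
        print(f"  {h.client} -> {h.qname} [{h.qtype}]")
    print("hosts to triage:", ", ".join(affected_clients(found)))
```

Run against the constructed log, three of the six queries match (the exact name, the upper-cased name with a trailing dot, and the cdn. subdomain) and three clients are flagged for host triage; the sibling and apex lookups are left alone. To hunt for the wider zone the reporter describes, call `scan_dns_log` a second time with `ioc="daga-sv368.com"` and treat those hits as lower-confidence than the ThreatFox-listed name.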