ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 91.92.240.117:80.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1779167
IOC: 91.92.240.117:80
IOC Type :ip:port
Threat Type :botnet_cc
Malware: DCRat
Malware alias:DarkCrystal RAT
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS202412 OMEGATECH-AS
Country:- GB
First seen:2026-03-30 18:39:05 UTC
Last seen:never
UUID:de4c1dd2-2c62-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox
Tags:bulletproof ClickFix dcrat Omegatech
Reference: https://www.virustotal.com/gui/file/6de95d766775a84a6683ffb116160078ca7c5a75a552cd79b748b652d151c222

Avatar
Lenny_3BO
DCRat C2 on OMEGATECH AS202412 bulletproof hosting. Apache 2.4.66 Debian. Self-signed cert CN=njord1.us. Also hosts 35+ Apple iCloud/Find My phishing domains targeting LATAM and Turkey. ClickFix IRM|IEX delivery.