ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://91.92.240.117/privateRequest/AuthlongpollWindows/dumpPhpuploadsBetter/WordpresstemporaryWordpressDump/Centraltemp/PipelineBigload/1Pipesql/poll/8TestMariadbsql/downloads/vmjavascript_GeoUpdateMultiGeneratortrafficprivateDownloads.php.

Database Entry


IOC ID: 1779168
IOC: http://91.92.240.117/privateRequest/AuthlongpollWindows/dumpPhpuploadsBetter/WordpresstemporaryWordpressDump/Centraltemp/PipelineBigload/1Pipesql/poll/8TestMariadbsql/downloads/vmjavascript_GeoUpdateMultiGeneratortrafficprivateDownloads.php
IOC Type: url
Threat Type: botnet_cc
Malware: DCRat
Malware alias: DarkCrystal RAT
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS202412 OMEGATECH-AS
Country: GB
First seen: 2026-03-30 18:39:04 UTC
Last seen: never
UUID: e4fb5aa1-2c62-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: ClickFix, dcrat, Omegatech
Reference: https://www.virustotal.com/gui/file/6de95d766775a84a6683ffb116160078ca7c5a75a552cd79b748b652d151c222

Lenny_3BO
DCRat C2 POST endpoint. Obfuscated PHP path with randomized directory names. Extracted from process memory dump during dynamic analysis.