ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://discord.com/api/webhooks/960954050583613549/YAkGomn5eYtrPChuOPz87pIkS7WK2XpB5Y3ozZQXaAho2VCBN99g7k9oqSAPJ9Ji7bTr.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1779757
IOC: https://discord.com/api/webhooks/960954050583613549/YAkGomn5eYtrPChuOPz87pIkS7WK2XpB5Y3ozZQXaAho2VCBN99g7k9oqSAPJ9Ji7bTr
IOC Type :url
Threat Type :botnet_cc
Malware: Unknown malware
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS13335 CLOUDFLARENET
Country:- US
First seen:2026-04-01 05:01:36 UTC
Last seen:never
UUID:0097d248-2d3d-11f1-9af6-42010aa4000a
Reporter isaac1
Reward 5 credits from ThreatFox
Tags:botnet discord-c2

Avatar
isaac1
Discord C2 webhook extracted via static strings analysis from ELF botnet sample (SHA256: 94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00). Sample captured via Cowrie SSH honeypot, disguised as sshd, deployed alongside mdrfckr SSH backdoor key. Webhook confirmed inactive as of 31/03/2026.