ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://iopv.net/init.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1780083
IOC: https://iopv.net/init
IOC Type :url
Threat Type :payload_delivery
Malware: Unknown malware
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS205775 neoncorenetworks
Country:- US
First seen:2026-04-01 11:25:59 UTC
Last seen:never
UUID:8f2c5aed-2dbd-11f1-9af6-42010aa4000a
Reporter HuntYethHounds
Reward 5 credits from ThreatFox
Tags:ClickFix User-Agent Check

Avatar
HuntYethHounds
The HTTP GET request must have a User-Agent containing the string powershell. If this is absent then the server will respond with another Base64 encoded script containing multiple decimal and hexadecimal XOR encoded strings. This script is intended to confuse and waste analyst time containing within it the URL for Raphire - Win11Debloat.