ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 179.43.139.10:8888.

Database Entry

IOC ID:	1780260
IOC:	179.43.139.10:8888
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	HijackLoader
Malware alias:	DOILoader, GHOSTPULSE, IDAT Loader, SHADOWLADDER
Confidence Level :	Confidence level is elevated (75%)
Is compromised? :	False
ASN:	AS51852 PLI-AS
Country:	PA
First seen:	2026-04-02 06:23:44 UTC
Last seen:	2026-05-06 02:35:13 UTC
UUID:	6e596b3c-2e20-11f1-9af6-42010aa4000a
Reporter	Lenny_3BO
Reward	5 credits from ThreatFox

Lenny_3BO

HijackLoader C2 panel (AutoVault MaaS framework). React frontend + PHP 8.4.5 backend on port 8888. Favicon MMH3: 2086204293. JS bundle: main.3bc2c05e.js (SHA256: 9f10630ab4ce4d21936282ea7832f5bec4a0f41aa0a3912b43aa9bca6041e46d). VT communicating files include Rugmi/Penguish/Androm samples. Ref: Lenny-3BO hunt.