ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 91.199.163.124:8888.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1780266
IOC: 91.199.163.124:8888
IOC Type :ip:port
Threat Type :botnet_cc
Malware: HijackLoader
Malware alias:DOILoader, GHOSTPULSE, IDAT Loader, SHADOWLADDER
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS209272 AS-ALVIVA
Country:- SC
First seen:2026-04-02 06:23:42 UTC
Last seen:never
UUID:709183dc-2e20-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox

Avatar
Lenny_3BO
HijackLoader C2 panel (AutoVault MaaS framework). React frontend + PHP 8.4.5 backend on port 8888. Favicon MMH3: 2086204293. JS bundle: main.3bc2c05e.js (SHA256: 9f10630ab4ce4d21936282ea7832f5bec4a0f41aa0a3912b43aa9bca6041e46d). VT communicating files include Rugmi/Penguish/Androm samples. Ref: Lenny-3BO hunt.