ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 91.84.123.231:8888.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1780267
IOC: 91.84.123.231:8888
IOC Type :ip:port
Threat Type :botnet_cc
Malware: HijackLoader
Malware alias:DOILoader, GHOSTPULSE, IDAT Loader, SHADOWLADDER
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS216071 VDSINA
Country:- AE
First seen:2026-04-02 06:23:42 UTC
Last seen:2026-05-06 02:35:14 UTC
UUID:70971f88-2e20-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox

Avatar
Lenny_3BO
HijackLoader C2 panel (AutoVault MaaS framework). React frontend + PHP 8.4.5 backend on port 8888. Favicon MMH3: 2086204293. JS bundle: main.3bc2c05e.js (SHA256: 9f10630ab4ce4d21936282ea7832f5bec4a0f41aa0a3912b43aa9bca6041e46d). VT communicating files include Rugmi/Penguish/Androm samples. Ref: Lenny-3BO hunt.