ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 104.225.129.185:443.

Database Entry


IOC ID: 1782882
IOC: 104.225.129.185:443
IOC Type: ip:port
Threat Type: payload_delivery
Malware: SmartApeSG
Malware alias: HANEYMANEY, ZPHP
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS395092 SHOCK-1
Country: US
First seen: 2026-04-08 14:54:57 UTC
Last seen: never
UUID: 7f602f6d-334b-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: ClickFix, ShockHosting, SmartApeSG
Reference: https://github.com/Lenny-3BO/threat-hunting

Lenny_3BO
SmartApeSG HTA + payload delivery server. Hosts prennixo.com. Shock Hosting LLC (AS395092). Serves HTA dropper at /react (curl UA gated) and trojanized AIMP Portable ZIP at //pnpm.