ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://dapala.net/95126aeb-4120-56b1-8c9e-63fdf0c0b6f9/v3.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1783923
IOC: https://dapala.net/95126aeb-4120-56b1-8c9e-63fdf0c0b6f9/v3
IOC Type :url
Threat Type :payload_delivery
Malware: IClickFix
Confidence Level : Confidence level is high (90%)
Is compromised? : False
ASN:AS62904 AS62904
Country:- US
First seen:2026-04-11 07:06:00 UTC
Last seen:never
UUID:d6f40c04-34fb-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox
Tags:CastleLoader ClickFix shellcode

Avatar
Lenny_3BO
Stage 3 encrypted CastleLoader delivery. 292KB blob, RC4+XOR encrypted. Renamed from v3AB. Six Python stager variants (scr1-scr6) at same UUID path.