ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://devilxclusive.lol/api_config.php.

Database Entry


IOC ID: 1796280
IOC: https://devilxclusive.lol/api_config.php
IOC Type: url
Threat Type: botnet_cc
Malware: Unknown malware
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS24940 HETZNER-AS
Country: DE
First seen: 2026-04-23 05:22:07 UTC
Last seen: never
UUID: 918cb2d0-3e83-11f1-8759-42010aa4000a
Reporter: Cachuco
Reward: 5 credits from ThreatFox
Reference: https://www.virustotal.com/gui/file/e494ce6af136876cba1adfe3f9d6e151f1dcf9a38059897cfb509e30e12b8c7b/detection

Cachuco
Family: NGate / NFCGate-derived Android NFC-relay banker (Spain fork, internal designation NGate-ES-2026-04).
Library libucjnet.so exports NFCGate JNI symbols verbatim. Victim: Kutxabank customer (ES). Multi-target via C2 branding.
Reference: https://www.virustotal.com/gui/file/e494ce6af136876cba1adfe3f9d6e151f1dcf9a38059897cfb509e30e12b8c7b/detection
<YARA rule link in repo future>.