ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://pastebin.com/raw/0RmxqY57.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1799727
IOC: https://pastebin.com/raw/0RmxqY57
IOC Type :url
Threat Type :botnet_cc
Malware: Unknown malware
Confidence Level : Confidence level is moderate (49%)
Is compromised? : False
ASN:AS13335 CLOUDFLARENET
Country:- US
First seen:2026-04-25 14:40:51 UTC
Last seen:2026-04-24 19:43:44 UTC
UUID:e4b89e0c-4015-11f1-8759-42010aa4000a
Reporter johannes
Reward 5 credits from ThreatFox
Tags:agenteV2
Reference: https://any.run/cybersecurity-blog/brazilian-banking-phishing-campaign/

Avatar
johannes
Dead-drop resolver contains plaintext IP:port, from the ANY.RUN’s Cybersecurity Blog report "Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time". See all IOC from that report at https://rosti.dev/reports/OEXtCnfC