ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain igotnofriendsonlineorirl-imgonnakmslmao.skyhanni.cloud.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1800005
IOC: igotnofriendsonlineorirl-imgonnakmslmao.skyhanni.cloud
IOC Type :domain
Threat Type :botnet_cc
Malware: Unknown malware
Confidence Level : Confidence level is moderate (49%)
Is compromised? : False
ASN:AS13335 CLOUDFLARENET
Country:- US
First seen:2026-04-25 14:39:39 UTC
Last seen:never
UUID:f929e370-40a8-11f1-8759-42010aa4000a
Reporter johannes
Reward 5 credits from ThreatFox
Tags:DoubleFantasy Gibberish LiteLLM payload teampcp telnyx
Reference: https://www.stepsecurity.io/blog/elementary-data-compromised-on-pypi-and-ghcr-forged-release-pushed-via-github-actions-script-injection

Avatar
johannes
exfiltration domain, from the Step Security report "elementary-data Compromised on PyPI and GHCR: Forged Release Pushed via GitHub Actions Script Injection". See all IOC from that report at https://rosti.dev/reports/7Q9kjJW2