ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://45.153.34.212:8181/.rupemnasa/.config4.json.

Database Entry


IOC ID: 1815850
IOC: http://45.153.34.212:8181/.rupemnasa/.config4.json
IOC Type: url
Threat Type: payload_delivery
Malware: XMRIG
Confidence Level: Confidence level is high (90%)
Is compromised?: False
ASN: AS51396 PFCLOUD
Country: DE
First seen: 2026-05-18 08:03:10 UTC
Last seen: never
UUID: 8ac422f5-528f-11f1-b930-42010aa4000a
Reporter: nullblue67
Reward: 5 credits from ThreatFox
Tags: docker-exploit monero romanian-operator xmrig

nullblue67
Romanian-operator XMRig dropper infrastructure. Captured 2026-05-18 via Docker honeypot (containers exec exploit). Romanian language identifiers in payload (nenea, pisamsystemu, muiecoaie). Discord webhook C2 for install reporting embedded in dropper script.