ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 151.243.113.57:443.

Database Entry


IOC ID: 1824189
IOC: 151.243.113.57:443
IOC Type: ip:port
Threat Type: payload_delivery
Malware: Unknown Stealer
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS207043 DEDIK-IO
First seen: 2026-06-07 07:23:08 UTC
Last seen: never
UUID: 8d4fc505-6214-11f1-a345-42010aa4000a
Reporter: miikie
Reward: 5 credits from ThreatFox
Reference: https://otx.alienvault.com/pulse/6a23c8bd4940266d4f3ae8dd

miikie
Browser infostealer delivered via fake Warframe "cheat" on GitHub. CMSTP-lineage loader (Latest_Build.exe) side-loads cmutil.dll, which resolves C2 from a Steam Community profile dead-drop (domain in display-name field) and fetches /api/config. Network UA: SystemInfo Client/1.0. Linked to WallStealer by ET signature + shared C2 (bantamoro.icu) with a Themida-packed EXE variant.