ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://194.238.26.34:8880/r8x4k2m9/stager_linux_amd64.

Database Entry


IOC ID: 1825827
IOC: http://194.238.26.34:8880/r8x4k2m9/stager_linux_amd64
IOC Type: url
Threat Type: payload_delivery
Malware: XMRIG
Confidence Level: Confidence level is high (85%)
Is compromised?: False
ASN: AS40021 CONTABO-40021
Country: DE
First seen: 2026-06-10 09:10:17 UTC
Last seen: never
UUID: 60589e14-64ab-11f1-a345-42010aa4000a
Reporter: nullblue67
Reward: 5 credits from ThreatFox
Tags: boyzee stager TeamTNT
Reference: https://twitter.com/NullBlue67

nullblue67
Boyzee TeamTNT stager host; Redis cron 87.249.134.4 fetches stager to /tmp/.sys with Phoenix C2. 2026-06-10 NullBlue67