ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 85.137.52.21:80.

Database Entry


IOC ID: 1832411
IOC: 85.137.52.21:80
IOC Type: ip:port
Threat Type: botnet_cc
Malware: Stealc
Confidence Level: High (80%)
Is compromised?: False
ASN: AS43641 Sollutium-NL
Country: PL
First seen: 2026-06-15 16:29:24 UTC
Last seen: never
UUID: 73823e35-68d5-11f1-9258-42010aa4000a
Reporter: techjoe
Reward: 5 credits from ThreatFox
Tags: etherhiding, FakeGit, LuaJIT, Polygon, SmartLoader
Reference: https://www.derp.ca/research/fakegit-luajit-github-campaign/

techjoe
FakeGit/SmartLoader LuaJIT loader -> StealC. C2 resolved at runtime from Polygon dead-drop contract 0x1823A9a0Ec8e0C25dD957D0841e3D41a4474bAdc (getData/0x3bc5de30). Lure github.com/navd-ctrl/facebook-marketplace-scraper. Current on-chain rotation value, absent from prior public reports.