ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain pixel.analyticstrack-pzh.click.

Database Entry


IOC ID: 1833584
IOC: pixel.analyticstrack-pzh.click
IOC Type: domain
Threat Type: botnet_cc
Malware: HijackLoader
Malware alias: DOILoader, GHOSTPULSE, IDAT Loader, SHADOWLADDER
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS13335 CLOUDFLARENET
Country: US
First seen: 2026-06-18 07:22:11 UTC
Last seen: never
UUID: 5a1af0ee-6a78-11f1-9258-42010aa4000a
Reporter: Anonymous
Reward: 5 credits from ThreatFox
Tags: Cloudflare cracked-games HijackLoader Prospero renengine telemetry
Reference: https://www.virustotal.com/gui/file/7123e1514b939b165985560057fe3c761440a9fff9783a3b84e861fd2888d4ab

Anonymous
RenEngine loader install-tracking/telemetry beacon (GET /?id=&data[hash]= -> HTTP 204). Cloudflare-fronted; backend PROSPERO OOO AS200593 (RU, bulletproof). Affiliate pub tags B_B810_eb4_p6b_57 and B_B810_eb9_p6b_91. Loader SHA256 7123e1514b939b165985560057fe3c761440a9fff9783a3b84e861fd2888d4ab. Final stealer family undetermined (Rhadamanthys and ACR excluded by TTP: payload is .NET via MSBuild, downloaded at runtime).