ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain opfiksotpffff.com.

Database Entry

IOC ID:	1834923
IOC:	opfiksotpffff.com
IOC Type :	domain
Threat Type :	botnet_cc
Malware:	NetSupportManager RAT
Malware alias:	NetSupport
Confidence Level :	Confidence level is high (100%)
Is compromised? :	False
First seen:	2026-06-21 18:27:25 UTC
Last seen:	never
UUID:	2a36b2f6-6d95-11f1-9258-42010aa4000a
Reporter	Justice_Hammer
Reward	5 credits from ThreatFox
Tags:	c2-rotation ClickFix evalusion merry-florist NetSupport single-gateway unc2190

Justice_Hammer

NetSupport RAT C2 rotating domain set — all resolve exclusively to 176.65.144.30:443/1337. GSK keys (per-wave rotation): ZSFDSFF(*SS / SADSADFESETRBEY / &TT8{V_3QR / SDFYDFSGDF%FSDF. Bulletproof hosting: DEDIK AS209413 / DolphinHost AS214717. Registrars: MAT BAO 39% / NICENIC 33% / Metaregistrar BV 12% / Spaceship 9% / GDG 6%. EVALUSION/UNC2190 cluster attribution (medium confidence). Shared RADIUSSecret + cracked licensee DCVTTTUUEEW23 + infra co-location. Caveat: cracked-toolkit artifacts; cluster-level selectivity only. No country attributed.