ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain impresa.pub.
Database Entry
| IOC ID: | 1837044 |
|---|---|
| IOC: | impresa.pub |
| IOC Type: | domain |
| Threat Type: | payload_delivery |
| Malware: | Backdoorit |
| Malware alias: | backd00rit |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| ASN: | AS13335 CLOUDFLARENET |
| Country: | US |
| First seen: | 2026-06-25 03:13:35 UTC |
| Last seen: | never |
| UUID: | 1a75d023-6fee-11f1-97fa-42010aa4000a |
| Reporter | Anonymous |
| Reward | 5 credits from ThreatFox |
| Tags: | backdoor |
Anonymous
impresa.pub is a malicious CS:GO cheat/mod menu distribution platform operating as a front for malware distribution via backdoored cheat software. The platform charges premium/extreme prices for what are presented as CS:GO cheats but are confirmed backdoored executables, giving threat actors persistent remote access to victim systems.
Confirmed violations include:
Backdoored cheat software — mod menus sold at premium prices contain hidden backdoors granting remote access to buyer systems
Trojan/RAT distribution — executables confirmed to contain remote access trojans disguised as legitimate game cheats
Financial fraud — charging extreme prices for software that is simultaneously stealing from and compromising the buyer
Credential theft — stealer components harvest Steam credentials, browser data, crypto wallets, and system information
Targeted attack vector — specifically targets the gaming community (CS:GO players) who commonly disable AV to run cheats, maximizing infection success rate
No abuse contact, no ownership transparency, no refund policy
Multiple victim witnesses confirmed
The platform exploits the gaming community's trust and AV-disabling behavior to maximize stealer/RAT deployment at scale.
Recommended action: Immediate domain suspension, hosting termination, payment processor termination, and law enforcement referral.
US