ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain kingshakes1.linkpc.net.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2026-06-04 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 536579 |
|---|---|
| IOC: | kingshakes1.linkpc.net |
| IOC Type : | domain |
| Threat Type : | botnet_cc |
| Malware: | NetWire RC |
| Malware alias: | NetWeird, NetWire, Recam |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS29465 VCG-AS |
| Country: |  NG |
| First seen: | 2022-04-27 06:00:18 UTC |
| Last seen: | 2022-07-27 14:44:05 UTC |
| UUID: | 510b9b53-c5ef-11ec-bfce-42010aa4000a |
| Reporter |  AndreGironda |
| Reward | 5 credits from ThreatFox |
| Tags: | NetWire |
| Reference: | https://tria.ge/220427-gezt3acheq |
AndreGironda
MITRE T1566.002Date: Tue, 26 Apr 2022 22:30-23:00 +0100
Received: from [172.20.10.8] ([134.19.179.243]) by fwd72.t-online.de
Content-Type: multipart/alternative; boundary="===============1704944963=="
MIME-Version: 1.0
Subject: Flight Availability Request - Urgent
To: Recipients <tadic@t-online.de>
From: "Charter" <martin.staedler@t-online.de>
Reply-To: ronhsouthlandstructural@aol.com
Message-ID: <1njSn1-3nu2LM0@fwd72.t-online.de>
X-TOI-EXPURGATEID: 150726::1651008738-0000B7AB-2D1C8F58/10/27652804830 SUSPECT URL
X-TOI-MSGID: 9b37b0dd-c8d5-4ce0-a675-015adb1813be
Return-Path: martin.staedler@t-online.de
Message Body URL: hXXps://cdn.discordapp[.]com/attachments/932634991513468961/968566759856668692/Flight_Travel_Intinery_Details.js
JScript SHA256: 5f4bbe855651ea0417c10f470c010eb86a8eae4ac3b1569bcfaaac4eab648c9f
Netwire Executable SHA256: 098395dd13565519cc7f1804f4b3337a47f65aff3281f9f429b1337fa8876a3b