indicatordomain
models[.]litellm[.]cloud
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 3
Posts referencing this indicator
- Your Supply Chain Breach Is Someone Else's Payday
Command and control (C2) infrastructure utilized by TeamPCP for credential exfiltration.
- The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
C2 domain used by the LiteLLM stealer
- Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
Exfiltration C2 domain for the LiteLLM credential harvesting payload.