indicatorurl
hxxp://83[.]142[.]209[.]203:8080/ringtone.wav
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 2
Posts referencing this indicator
- TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Endpoint serving the Linux/macOS second-stage payload (Python harvester script embedded in WAV audio frames).
- TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
URL hosting the Linux/macOS payload hidden via WAV steganography.