brk1 - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User brk1 joined AbuseIPDB in July 2025 and has reported 1 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇻🇳 103.209.61.108	16 Apr 2026	This IP was observed as active C2 infrastructure for a PySteal infostealer (Troj/PySteal-BT) infecti ... show more This IP was observed as active C2 infrastructure for a PySteal infostealer (Troj/PySteal-BT) infection on a Windows endpoint. Two python.exe processes originating from a malicious dropper staged in AppData established persistent outbound connections to 103.209.61.108:56001. The malware was delivered via obfuscated batch file launchers using environment variable substitution to evade AV. The payload (python.txt, SHA256: d3bb9ce36b89f8a2e5a1b916b3273e7f6fc21f918eab2d0b098171ea99a03e20) was confirmed malicious by Sophos, ESET-NOD32, ZoneAlarm, and Google on VirusTotal (4/16). Shodan shows open ports 135, 445, 5985 (WinRM) on this IP consistent with a compromised Windows VPS used as C2. show less	Hacking Exploited Host