ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://nginx.web-framework-kesh.1398747042169696.cn-shanghai.fc.devsapp.net/reccampportal/HwPortalReccamp.js.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1021040
IOC: https://nginx.web-framework-kesh.1398747042169696.cn-shanghai.fc.devsapp.net/reccampportal/HwPortalReccamp.js
IOC Type :url
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level : Confidence level is high (100%)
ASN:AS37963 ALIBABA-CN-NET
Country:- CN
First seen:2022-11-20 10:25:33 UTC
Last seen:never
UUID:aa4250d6-68bd-11ed-8c16-42010aa4000a
Reporter drb_ra
Reward 5 credits from ThreatFox
Tags:CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.Ltd. CobaltStrike

Avatar
drb_ra
Cobalt Strike Server Found
C2: HTTPS @ 139[.]196[.]171[.]222:443
C2 Server: nginx[.]web-framework-kesh[.]1398747042169696[.]cn-shanghai[.]fc[.]devsapp[.]net,/reccampportal/HwPortalReccamp[.]js
POST URI: /socRecruitment/HwPortalRecmng[.]js
Country: China
ASN: CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd.