ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 195.50.242.110:8080.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-06 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1291420
IOC:	195.50.242.110:8080
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	HOTCROISSANT
Confidence Level :	Confidence level is moderate (49%)
Is compromised? :	False
ASN:	AS3249 ESTPAK
Country:	EE
First seen:	2024-07-01 10:39:08 UTC
Last seen:	2024-11-29 15:59:22 UTC
UUID:	12ed91b1-3794-11ef-8261-42010aa4000a
Reporter	johannes
Reward	5 credits from ThreatFox
Tags:	Rifdoor
Reference:	https://asec.ahnlab.com/en/67558/

johannes

C&C Server Addresses / HotCroissant, from the AhnLab Security Intelligence Center report "Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)". See all IOC from that report at https://rosti.bin.re/reports/x3JL7Bzy