ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 176.111.174.140:80.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2026-06-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 1337250 |
|---|---|
| IOC: | 176.111.174.140:80 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Amadey |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS57523 changway-as |
| Country: |  HK |
| First seen: | 2024-10-17 17:22:00 UTC |
| Last seen: | 2024-11-15 23:48:10 UTC |
| UUID: | 8f7d4097-8ca7-11ef-a42e-42010aa4000a |
| Reporter |  Riordz |
| Reward | 5 credits from ThreatFox |
| Tags: | Amadey exe opendir stealer |
Riordz
http://176.111.174.140/s.exehttp://176.111.174.140/t9bdjZsL2/index.php
http://176.111.174.140/api/loader.bin
http://176.111.174.140/ywx.exe
http://176.111.174.140/srfhvc.exe
http://176.111.174.140/api/bot64.bin
Config:
"C2": "176.111.174.140",
"URL": "http://176.111.174.140/t9bdjZsL2/index.php",
"Version": "5.03",
"Options": {
"Drop directory": "87d87ee084",
"Drop name": "Gxtuum.exe"
},