ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 47.238.239.22:443.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1582216
IOC: 47.238.239.22:443
IOC Type :ip:port
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level : Confidence level is high (100%)
ASN:AS45102 ALIBABA-CN-NET
Country:- CN
First seen:2025-09-05 08:00:52 UTC
Last seen:2025-10-18 17:50:49 UTC
UUID:717fd214-8a2e-11f0-bfa6-42010aa4000a
Reporter DonPasci
Reward 10 credits from anonymous
Tags:ALIBABA-CN-NET AS45102 c2 censys CobaltStrike cs-watermark-987654321
Reference: https://search.censys.io/hosts/47.238.239.22

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)SHA256 hashBazaar
2025-09-12 09:50:11 55a914e23ef743c5dd3b052f3a9ef17a3817e31a138972cf28878d4fc5c69e94
2025-09-12 09:45:14 7d9a831dc5c66eb1df2cfa737c5a452b6dcc150c38f1036a2941db6105f3e612
2025-09-12 09:45:12 bc66f2d5329a171291bfd55b5447f97b631c825e5119fe28983c7c3f745d9859