ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 154.205.157.159:52962.
Database Entry
This IOC expired
This is an old IOC and it expired on 2026-06-06 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| Field | Value |
|---|---|
| IOC ID: | 1590748 |
| IOC: | 154.205.157.159:52962 |
| IOC Type: | ip:port |
| Threat Type: | botnet_cc |
| Malware: | Bashlite |
| Malware alias: | gayfgt, Gafgyt, qbot, torlus, lizkebab |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| ASN: | AS138915 KAOPU-HK |
| Country: | CN |
| First seen: | 2025-09-16 06:49:05 UTC |
| Last seen: | never |
| UUID: | af5702d5-9279-11f0-bfa6-42010aa4000a |
| Reporter: | Anonymous |
| Reward: | 5 credits from ThreatFox |
| Tags: | c2 DDoS Gafgyt trojan |
Anonymous
97972e672140c19ec8e8e3473a757d543ee6360780da6e6cd8327a19c857d340090685d700c4f990e0e4049eb0ab602b386e10313799468ba8450748e9b364fb
opennic domains with TXT encoded/encrypted records
mineplex.libre
lin.libre
CN