ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 216.250.253.99:2478.

Database Entry


IOC ID: 1608892
IOC: 216.250.253.99:2478
IOC Type: ip:port
Threat Type: botnet_cc
Malware: XWorm
Confidence Level: Confidence level is high (100%)
ASN: AS396073 MAJESTIC-HOSTING-01
Country: US
First seen: 2025-10-07 18:00:56 UTC
Last seen: 2025-10-14 14:34:10 UTC
UUID: 92d76f8f-a3a7-11f0-894e-42010aa4000a
Reporter: DonPasci
Reward: 10 credits from netresec, 10 credits from akanine1337, 10 credits from Saber
Tags: AS396073, c2, triage, XWorm
Reference: https://tria.ge/251007-rgxslatshw

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)    SHA256 hash    Bazaar
2025-10-08 12:45:19 169d87b4ec1fca136e4738b4a9a94210a605b8d4d39e4cf7288b34024c604288
2025-10-07 18:05:15 a02f741d30e33d72c6fdecf0ae1fafa2c44bfd40987a9480c2a11d8f5cd058d4