ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 108.181.161.143:1912.

Database Entry


IOC ID: 1627945
IOC: 108.181.161.143:1912
IOC Type: ip:port
Threat Type: botnet_cc
Malware: RedLine Stealer
Malware alias: RECORDSTEALER
Confidence Level: high (100%)
ASN: AS40676 AS40676
Country: US
First seen: 2025-10-28 06:01:49 UTC
Last seen: 2025-10-28 09:00:05 UTC
UUID: 97fcd2e6-b3c3-11f0-894e-42010aa4000a
Reporter: DonPasci
Reward: 10 credits from ujin
Tags: AS40676, c2, RedLine, RedLineStealer, stealer, triage
Reference: https://tria.ge/251028-fnlhcsvjfx


Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)    | SHA256 hash
2025-10-28 21:30:12 | 8a2fecb22aeb3adcce1348ebf450f1b0d1f86ab3990ae1797dbf3bdf769c0296
2025-10-28 19:10:13 | 882d402a462b05dd11f46dd4792560b085dbf5b07d39f815c03b5df7c3723e31