ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 95.216.2.96:33816.

Database Entry


IOC ID: 1744116
IOC: 95.216.2.96:33816
IOC Type: ip:port
Threat Type: botnet_cc
Malware: RedLine Stealer
Malware alias: RECORDSTEALER
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS24940 HETZNER-AS
Country: DE
First seen: 2026-02-09 19:21:30 UTC
Last seen: 2026-02-10 00:47:57 UTC
UUID: 89de18b2-05ec-11f1-a068-42010aa4000a
Reporter: abuse_ch
Reward: 10 credits from miguelmiralles
Tags: RedLine
Reference: https://bazaar.abuse.ch/sample/4644d296b810ceeb381f5d28cf9f5fb2cefde13e5446b6cd0bdd81949f2dba91/

abuse_ch
redline (aka RECORDSTEALER) botnet C2

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)     SHA256 hash
2026-02-10 02:30:13  7dce26dea5fe8cfee7d161ce30d45f009d4d10978b3a11942aa2344a3abe15d7
2026-02-09 20:00:08  4644d296b810ceeb381f5d28cf9f5fb2cefde13e5446b6cd0bdd81949f2dba91