ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 217.69.11.99:4789.

Database Entry


IOC ID: 1764206
IOC: 217.69.11.99:4789
IOC Type: ip:port
Threat Type: botnet_cc
Malware: GlassWorm
Confidence Level: High (100%)
Is compromised?: False
ASN: AS20473 AS-VULTR
Country: US
First seen: 2026-03-13 06:14:03 UTC
Last seen: 2026-03-13 00:27:32 UTC
UUID: 94c13638-1e68-11f1-9af6-42010aa4000a
Reporter: tipo_deincognito
Reward: 5 credits from ThreatFox
Tags: glassworm, infostealer, macOS, RAT, supply-chain, Vultr

tipo_deincognito
Current GlassWorm C2. Port 80: payload and module delivery (stealer, TCP tunnel proxy). Port 4789: Socket.IO command channel (check_version bot inventory observed live; eval and start_socks/stop_socks capabilities confirmed in code). Active since 2026-02-25. Vultr France (AS20473). Confirmed via DHT config, Solana blockchain memos, and live probing from multiple GCP regions over 57 hours.