ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 193.36.38.237:443.

Database Entry

IOC ID:	1767288
IOC:	193.36.38.237:443
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	Rhadamanthys
Confidence Level :	Confidence level is elevated (75%)
Is compromised? :	False
ASN:	AS56380 AS-ITFRUIT
Country:	MD
First seen:	2026-03-16 06:33:05 UTC
Last seen:	never
UUID:	760d31f1-20a5-11f1-9af6-42010aa4000a
Reporter	Lenny_3BO
Reward	5 credits from ThreatFox
Tags:	ClickFix infostealer Rhadamanthys
Reference:	https://www.darktrace.com/blog/unpacking-clickfix-darktraces-detection-of-a-prolific-social-engineering-tactic

Lenny_3BO

ClickFix C2 infrastructure from Darktrace. 193.36.38.237 and 188.34.195.44 used for automated data exfiltration with Unix epoch timestamp URIs (/1744205200, /1741714208). 138.199.156.22 blocked by Darktrace Autonomous Response. 87.120.93.98 Rhadamanthys infostealer C2.