ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 138.199.156.22:443.

Database Entry


IOC ID: 1767290
IOC: 138.199.156.22:443
IOC Type: ip:port
Threat Type: botnet_cc
Malware: Rhadamanthys
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS24940 HETZNER-AS
Country: DE
First seen: 2026-03-16 06:33:02 UTC
Last seen: never
UUID: 7624d2ba-20a5-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: ClickFix, infostealer, Rhadamanthys
Reference: https://www.darktrace.com/blog/unpacking-clickfix-darktraces-detection-of-a-prolific-social-engineering-tactic

Lenny_3BO
ClickFix C2 infrastructure from Darktrace. 193.36.38.237 and 188.34.195.44 used for automated data exfiltration with Unix epoch timestamp URIs (/1744205200, /1741714208). 138.199.156.22 blocked by Darktrace Autonomous Response. 87.120.93.98 Rhadamanthys infostealer C2.