ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 43.160.241.151:443.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1786822
IOC: 43.160.241.151:443
IOC Type :ip:port
Threat Type :botnet_cc
Malware: Unknown Webinject
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS132203 TENCENT-NET-AP-CN
Country:- CN
First seen:2026-04-14 10:39:22 UTC
Last seen:never
UUID:c96d432e-37e7-11f1-8759-42010aa4000a
Reporter HuntTeam
Reward 5 credits from ThreatFox
Tags:banking FastAPI Jwr phishing-as-a-service tianka
Reference: https://www.abuseipdb.com/check/43.160.241.151

Avatar
HuntTeam
Active phishing-as-a-service backend hosting 39 brand-impersonation domains targeting AU/NZ/UK/CA bank customers. FastAPI/OpenResty backend. AES-CTR encrypted API + WebSocket C2 at /com/webSocket/QT/. 100 paid victims observed.