ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 216.173.65.250:443.

Database Entry


IOC ID: 1836162
IOC: 216.173.65.250:443
IOC Type: ip:port
Threat Type: botnet_cc
Malware: KV
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS149440 EVOXTSDNBHD-AS-AP
Country: MY
First seen: 2026-06-23 06:52:00 UTC
Last seen: never
UUID: 5aabb6fb-6e82-11f1-9258-42010aa4000a
Reporter: Anonymous
Reward: 5 credits from ThreatFox
Tags: botnet G1017 JDY recon VoltTyphoon
Reference: https://github.com/yankywilson/jdy-tasking-decryption

Anonymous
JDY botnet C2/payload cluster (China-nexus, KV/JDY lineage, Volt Typhoon, MITRE G1017). All share the jdyfj self-signed TLS cert (SHA-256 2b640582bbbffe58c4efb8ab5a0412e95130e70a587fd1e194fbcd4b33d432cf). IPs rotate; 149.248.3.38 is a shared host — scope blocking accordingly. Full enumeration: https://github.com/yankywilson/jdy-tasking-decryption