ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 220.154.3.197:9003.

Database Entry


IOC ID:1843418
IOC: 220.154.3.197:9003
IOC Type :ip:port
Threat Type :botnet_cc
Malware: Unknown malware
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS141679 CHINATELECOM-IDC-BTHBD-AP
Country:- CN
First seen:2026-07-02 11:44:21 UTC
Last seen:never
UUID:9a370a34-75ec-11f1-97fa-42010aa4000a
Reporter navneeet
Reward 5 credits from ThreatFox
Tags:Mythic MythicC2

Avatar
navneeet
Live Mythic C2 teamserver. Self-signed cert `O=Mythic C2` (SHA1 `BD1386A84B35235BF2E953B219998FDF09615F41`, NotAfter 2027-06-29) on TCP/9003. HTTP responds with the Mythic backend CORS headers (Access-Control-Allow-Origin: *; Methods GET,POST,PUT,DELETE,OPTIONS). Verified live via read-only TLS handshake + check-host.net neutral nodes 2026-07-02. 0 detections on VirusTotal; not in ThreatFox. Host: China Telecom (CN).

Hunted via automated infrastructure fingerprinting using Claude Code-assisted workflows.