ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 220.154.3.197:9003.
Database Entry
| IOC ID: | 1843418 |
|---|---|
| IOC: | 220.154.3.197:9003 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Unknown malware |
| Confidence Level : | Confidence level is elevated (75%) |
| Is compromised? : | False |
| ASN: | AS141679 CHINATELECOM-IDC-BTHBD-AP |
| Country: | CN |
| First seen: | 2026-07-02 11:44:21 UTC |
| Last seen: | never |
| UUID: | 9a370a34-75ec-11f1-97fa-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | Mythic MythicC2 |
navneeet
Live Mythic C2 teamserver. Self-signed cert `O=Mythic C2` (SHA1 `BD1386A84B35235BF2E953B219998FDF09615F41`, NotAfter 2027-06-29) on TCP/9003. HTTP responds with the Mythic backend CORS headers (Access-Control-Allow-Origin: *; Methods GET,POST,PUT,DELETE,OPTIONS). Verified live via read-only TLS handshake + check-host.net neutral nodes 2026-07-02. 0 detections on VirusTotal; not in ThreatFox. Host: China Telecom (CN).Hunted via automated infrastructure fingerprinting using Claude Code-assisted workflows.
CN