ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 87.249.53.87:63820.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	286054
IOC:	87.249.53.87:63820
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	RedLine Stealer
Malware alias:	RECORDSTEALER
Confidence Level :	Confidence level is high (100%)
ASN:	AS9123 TimeWeb-AS
Country:	RU
First seen:	2021-12-24 23:06:05 UTC
Last seen:	2023-08-01 18:05:48 UTC
UUID:	122f4691-650e-11ec-8ab6-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	RedLineStealer

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2021-12-25 13:01:51	fb34e5cbdfc7f2a045a019ef8a038736c83d60641e6c360278b4baeca9e7721f
2021-12-25 10:00:56	caa85e212277dfaa413bd82fbad96fa083aa76029cf1812cd09c2a18f42f772d
2021-12-25 08:41:06	0f9b30402f73d225631915acc66cfd6fa860e4050aa7db8e24b111dcb407dc35
2021-12-25 08:06:06	3f654cc740b18a83fdb840f27cf46f7c8299f51a9a2a6b97b9583ca9e9d9ca5f
2021-12-25 08:02:06	b554190fa5cf3c176bf3372cf00a6ca84a66a0bdb0f44071c9019f3db31d4c2a
2021-12-24 23:06:07	b7573458498a18eb51b1195903a93f04e8f1e82bebf51fe92e3d42d291ba038b