ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 95.216.21.217:20158.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-11 01:15:02 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	315658
IOC:	95.216.21.217:20158
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	RedLine Stealer
Malware alias:	RECORDSTEALER
Confidence Level :	Confidence level is high (100%)
ASN:	AS24940 HETZNER-AS
Country:	DE
First seen:	2022-01-23 17:05:34 UTC
Last seen:	never
UUID:	adbe40a8-7c6e-11ec-8ab6-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	RedLineStealer

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-01-24 13:15:39	2f4401237b1c8fb0fd9caf31e280f73dadeaac62e837f30ed0b580d42d75d899
2022-01-24 11:55:30	1d954347b4549a195aebc8a176ea7f1140c902bd3f8fddaba2099d8a6f86a216
2022-01-24 11:15:34	973549247e54570bae7013e0346274e5afefef1d7bf2dae489c7c32e210df67c
2022-01-24 09:55:24	e709230351716712a3fc0683afa91a4855f79a07582d317ff8b449278150d4b2
2022-01-23 17:05:37	bfbb5f477e58c173f83ab157415782b680694c9ba43d20bef89dda58bc840c06