ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 116.203.252.195:22021.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-25 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	377489
IOC:	116.203.252.195:22021
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	RedLine Stealer
Malware alias:	RECORDSTEALER
Confidence Level :	Confidence level is high (100%)
ASN:	AS24940 HETZNER-AS
Country:	DE
First seen:	2022-02-02 19:11:26 UTC
Last seen:	2023-08-01 17:56:28 UTC
UUID:	eb7fb2bf-845b-11ec-a824-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	RedLineStealer

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-02-06 08:30:48	3df5ec1135412e64d5b3641c36fb2b34c741ee6286ba9786001a006deb889c85
2022-02-06 08:30:45	18c8739978fdfd2592fb1441aa82af6cb365bbd85044339b8f178049defd9a29
2022-02-03 16:05:11	0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a
2022-02-03 02:41:14	0e041d06cf4c8b7ed4e1fd8bd71bc4d06d575365fc261db2013ca046414827e1
2022-02-02 19:16:38	8eb464ddff8d1b4844641e7e1eefdcb9cd5830a3e63d19fe0c061db6a21b4405