ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://2.56.59.31/purelogs/index.php.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 393041 |
|---|---|
| IOC: | http://2.56.59.31/purelogs/index.php |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | Azorult |
| Malware alias: | PuffStealer, Rultazo |
| Confidence Level : | Confidence level is high (100%) |
| ASN: | AS399471 AS-DESEQUITY |
| Country: |  NL |
| First seen: | 2022-03-08 16:59:19 UTC |
| Last seen: | 2023-09-27 14:01:44 UTC |
| UUID: | 183a7fd3-9f01-11ec-a022-42010aa4000a |
| Reporter |  AndreGironda |
| Reward | 5 credits from ThreatFox |
| Tags: | AZORult |
| Reference: | https://tria.ge/220308-vb4whacbdr |
AndreGironda
MITRE T1566.001Date: 08 Mar 2022 10:30-11:00 +0100
Received: from plain.staythai.com (185.102.170.150)
From: Frans Stapelberg <frans@glencore.co.za>
Subject: Please Quote // RFQ GC-0016862
Message-ID: <20220308103549.13D9FF89397E0074@glencore.co.za>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_6781276E.FCCE23EB"
Return-Path: frans@glencore.co.za
Attachment Name: Please Quote RFQ GC-0016862.pdf.gz
Gzipfile SHA256: b64ba261e9ed9bfa7ec977a22f7f7929d33815f58cdc1fd5eecc01f3e3ddeeb4
Executable Name: OPEN_2022-03-08_10-05.exe
Executable SHA256: 115aa1897c771a95c9d7e20926264e7804f48dcb5db25cfa67b83257cbe2fe6b
AZORult Unpacked Executable SHA256: b2a5354fb878c713f04b0e99dc5731c24901af73dd43652673492913efe0c490
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).